1.ansible简介
ansible是一款自动化运维工具,基于Python开发,集合了众多运维工具(puppet,cfengine,chef,func,fabric)的优点,实现了批量(系统配置,程序部署,运行命令)等功能
并且ansible是基于模块工作的,本身没有批量部署的能力,真正具有批量部署的是ansible所运行的模块,ansible只是提供一种框架。主要包括:
1.连接插件connetion plugins:负责和被监控端实现通讯;
2.host inventory:指定操作的主机,是一个配置文件里面定义监控的主机;
3.各种模块核心模块,command模块,自定义模块;
4.借助于插件完成纪录日志邮件等功能;
5.playbook:剧本执行多个任务时,非必需可以让节点一次性运行多个任务。
ansible架构图
Ansible有很多配置参数,以下是几个默认的配置参数:
inventory = /root/ansible/hosts
library = /usr/share/my_modules/
forks = 5
sudo_user = root
remote_port = 22
host_key_checking = False
timeout = 20
log_path = /var/log/ansible.log
inventory:该参数表示inventory文件的位置,资源清单(inventory)就是Ansible需要连接管理的一些主机列表。
library:Ansible的所有操作都使用模块来执行实现,这个library参数就是指向存放Ansible模块的目录。
forks:设置默认情况下Ansible最多能有多少个进程同时工作,默认5个进程并行处理。具体需要设置多少个,可以根据控制端性能和被管理节点的数量来确定。
sudo_user:设置默认执行命令的用户,也可以在playbook中重新设置这个参数。
remote_port:指定连接被管理节点的管理端口,默认是22,除非设置了特殊的SSH端口,否则不需要修改此参数。
host_key_checking:设置是否检查SSH主机的密钥。可以设置为True或False。即ssh的主机再次验证。
timeout:设置SSH连接的超时间隔,单位是秒。
log_path:Ansible默认不记录日志,如果想把Ansible系统的输出记录到日志文件中,需要设置log_path。需要注意,模块将会调用被管节点的(r)syslog来记录,执行Ansible的用户需要有写入日志的权限。
ansible安装
配置安装163的源
[root@localhost ~]# cd /etc/yum.repos.d/
//创建备份目录
[root@localhost yum.repos.d]# mkdir /etc/repo-bf
//将原yum仓库的文件备份到repo-bf
[root@localhost yum.repos.d]# mv * /etc/repo-bf
//下载163的源到yum仓库
[root@localhost yum.repos.d]# curl -o 163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
//将改为版本的7
[root@localhost yum.repos.d]# sed -i 's/\$releasever/7/g' /etc/yum.repos.d/163.repo
[root@localhost yum.repos.d]# sed -i 's/enabled=0/enabled=1/g' /etc/yum.repos.d/163.repo
//自动配置yum的软件仓库,也可以自己配置
[root@localhost yum.repos.d]# yum -y install epel-release
[root@localhost yum.repos.d]# yum -y install ansible ansible-doc
[root@localhost yum.repos.d]# yum clean all
//查看ansible版本
[root@localhost yum.repos.d]# ansible --version
ansible 2.6.3
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]
//设置环境
[root@localhost yum.repos.d]# yum -y install wget
[root@localhost yum.repos.d]# cd
ansible配置
配置文件:
ansible主配置文件 /etc/ansible/ansible.cfg
受控主机清单 /etc/ansible/hosts
受控主机清单配置方式
* 分组配置 一个组下添加多个ip
* ip配置 也可以网段,例:192.168.56.[1-254]
* 域名配置
* 通配符配置 [001:006], 1到6 (例:www.001.xxx.com ...)
分组设置,例:
[abc]
192.168.56.123
192.168.56.138
ansible通过ssh来控制远程主机,所以要配置ssh互信,否则将会提示你输入密码。
ssh-keygen -t rsa //生成密钥
[root@localhost ~]# ls .ssh/
id_rsa id_rsa.pub
ssh-copy-id -i ~/.ssh/id_rsa.pub root@(需要免密的受控端ip)
ansible如何获取帮助
ansible通过ansible-doc命令来获取帮助信息,可以使用此命令的-s选项来获取指定模块的帮助信息
//查询ping模块的帮助文档
[root@localhost ~]# ansible-doc -s ping
- name: Try to connect to host, verify a usable python and return `pong' on success
ping:
data: # Data to return for the `ping' return value. If this parameter is set
to `crash', the module will cause an
exception.
ansible常用模块使用详解
ansible常用模块有:
* ping
* yum
* template
* copy
* user
* group
* service
* raw
* command
* shell
* script
ansible常用模块raw,command,shell的区别:
* shell模块调用的/bin/sh指令执行
* command模块不是调用的shell的指令,所以没有bash的环境变量
* raw很多地方和shell类似,更多地方建议使用shell和conmmand模块。但是如果是使用老版本python,需要用到raw,又后者是客户端是路由器,因为没有安装python模块,那就需要使用raw模块了
ansible常用之ping
ping模块常用于检查指定节点机器是否连通,用法简单,不涉及参数,主机如果在线,则回复pong
[root@localhost ~]# ansible [all或你设置组,ip等] -m ping
例:
[root@localhost ~]# ansible abc -m ping
192.168.56.123 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.56.138 | SUCCESS => {
"changed": false,
"ping": "pong"
}
ansible常用模块之command
command模块用于在远程主机上执行命令,ansible默认就是使用command模块
command模块有一个缺陷就是不能使用管道符和重定向功能,这里不做示范
//查看受控机的/tmp目录内容
[root@localhost ~]# ansible abc -a 'ls /tmp'
192.168.56.123 | SUCCESS | rc=0 >>
ansible_bWbAQA
ks-script-FJMsU1
systemd-private-d64c48c29b014817892ff2b800ef4fdf-chronyd.service-SQE1dO
systemd-private-d64c48c29b014817892ff2b800ef4fdf-httpd.service-REOrV8
systemd-private-d64c48c29b014817892ff2b800ef4fdf-vgauthd.service-AEDF9T
systemd-private-d64c48c29b014817892ff2b800ef4fdf-vmtoolsd.service-7FRejI
systemd-private-e09517bf16f64a2fbe7372b98204716d-chronyd.service-nkIAuP
systemd-private-e09517bf16f64a2fbe7372b98204716d-vgauthd.service-r1RS7D
systemd-private-e09517bf16f64a2fbe7372b98204716d-vmtoolsd.service-QXRPMs
yum.log
192.168.56.138 | SUCCESS | rc=0 >>
ansible__mXwII
ks-script-Q6MuAp
systemd-private-5895f3e39f304700829d55b9a5234b36-chronyd.service-O9f5LP
systemd-private-5895f3e39f304700829d55b9a5234b36-vgauthd.service-bfquyZ
systemd-private-5895f3e39f304700829d55b9a5234b36-vmtoolsd.service-Z2u8r9
yum.log
//在受控主机上新建个文件
[root@localhost ~]# ansible abc -a 'touch /tmp/123'
//受控机上查看
[root@localhost ~]# ls /tmp/
123
**ansible常用模块之raw
raw模块用于在远程主机上执行命令,支持管道符与重定向***
//查看
[root@localhost ~]# ansible abc -m raw -a 'cat /tmp/123'
192.168.56.123 | SUCCESS | rc=0 >>
123456
Shared connection to 192.168.56.123 closed.
...
//支持管道符
[root@localhost ~]# ansible abc -m raw -a 'cat /tmp/123|grep 123'
192.168.56.123 | SUCCESS | rc=0 >>
123456
Shared connection to 192.168.56.123 closed.
ansible常用模块之shell
shell模块用于在受控机上执行受控机上的脚本,也可直接在受控机上执行命令
支持管道和重定向
//查看受控机的脚本(自编)
[root@localhost ~]# cat /etc/aaa.sh
#!/bin/bash
for i in {1..10};do
echo $i
done
使用shell模块在受控机上执行的脚本
[root@localhost ~]# ansible abc -m shell -a 'bash /etc/aaa.sh|grep 1 &>/tmp/123'
[root@localhost ~]# ansible abc -m shell -a 'cat /tmp/123'
192.168.56.138 | SUCCESS | rc=0 >>
1
10
...
ansible常用模块之script
scrip模块在受控机上执行主控上的脚本
[root@localhost ~]# scp [email protected]:/etc/aaa.sh /root
[root@localhost ~]# mv aaa.sh a123.sh
[root@localhost ~]# ansible abc -m script -a 'a123.sh &> /tmp/123'
192.168.56.123 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.56.123 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.56.123 closed."
],
"stdout": "",
"stdout_lines": []
}
...
//受控机查看
[root@localhost ~]# cat /tmp/123
1
2
3
...
可见在受控机上执行了主控机上的脚本,并纪录到了受控机。
ansible常用模块之template
template模块用于生成一个模板,并可将其传输至远程主机上
//下载并设置163的源
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost ~]# curl -o CentOS7-Base-163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
[root@localhost ~]# sed -i 's/\$releasever/7/g' /etc/yum.repos.d/CentOS7-Base-163.repo
[root@localhost ~]# sed -i 's/^enabled=.*/enabled=1/g' /etc/yum.repos.d/CentOS7-Base-163.repo
//将设置好的163源传到受控机
[root@localhost ~]# ansible abc -m template -a 'src=/etc/yum.repos.d/CentOS7-Base-163.repo dest=/etc/yum.repos.d/163.repo'
192.168.56.123 | SUCCESS => {
"changed": true,
"checksum": "60b8868e0599489038710c45025fc11cbccf35f2",
"dest": "/etc/yum.repos.d/163.repo",
"gid": 0,
"group": "root",
"md5sum": "5a3e688854d9ceccf327b953dab55b21",
"mode": "0644",
"owner": "root",
"size": 1462,
"src": "/root/.ansible/tmp/ansible-tmp-1536578876.83-251571075139699/source",
"state": "file",
"uid": 0
}
...
//受控机查看
[root@localhost ~]# ls /etc/yum.repos.d/
163.repo
ansible常用模板之yum
yum模板用于在指定节点机器上通过yum管理软件,其支持的参数主要有两个
* name:要管理的包名
* state:要进行的操作
state常用的值:
- latest:安装软件
- installed:安装软件
- present:安装软件
- removed:卸载软件
- absent:卸载软件
若想使用yum来管理软件,请确保受控机上的yum源无异常
//在受控和机上查询vsftpd软件是否安装
[root@localhost ~]# rpm -qa|grep vsftpd
在ansible主机上使用yum模块在受控机上安装vsftpd
[root@localhost ~]# ansible abc -m yum -a 'name=vsftpd state=present'
192.168.56.123 | SUCCESS => {
"changed": false,
"msg": "",
"rc": 0,
"results": [
"vsftpd-3.0.2-22.el7.x86_64 providing vsftpd is already installed"
]
}
...
//检查vsftpd
[root@localhost ~]# ansible abc -m shell -a 'rpm -qa|grep vsftpd'
192.168.56.123 | SUCCESS | rc=0 >>
vsftpd-3.0.2-22.el7.x86_64
192.168.56.138 | SUCCESS | rc=0 >>
vsftpd-3.0.2-22.el7.x86_64
ansible常用模块之copy
copy模块用于复制文件至远程受控机
[root@localhost ~]# ls
a123.sh
将主控机root下的a123.sh复制到受控机的root/
[root@localhost ~]# ansible abc -m copy -a 'src=a123.sh dest=root/'
192.168.56.123 | SUCCESS => {
"changed": true,
"checksum": "dd788902d7b36afedee8f2087a3e93b4047d33de",
"dest": "root/a123.sh",
"gid": 0,
"group": "root",
"md5sum": "84f03ff2c65a9b9bfea41587ad43e533",
"mode": "0644",
"owner": "root",
"size": 45,
"src": "/root/.ansible/tmp/ansible-tmp-1536584403.91-155709823063677/source",
"state": "file",
"uid": 0
}
...
//受控机查看
[root@localhost ~]# ansible abc -m shell -a 'ls root/'
192.168.56.123 | SUCCESS | rc=0 >>
a123.sh
192.168.56.138 | SUCCESS | rc=0 >>
a123.sh
ansible常用模块之group
group模块用于在受控机上添加或者删除组
//在受控机上添加一个系统组,gid为306,组名mysql
[root@localhost ~]# ansible abc -m group -a 'name=mysql gid=306 state=present'
192.168.56.123 | SUCCESS => {
"changed": true,
"gid": 306,
"name": "mysql",
"state": "present",
"system": false
}
...
在/etc/group里过滤初mysql
[root@localhost ~]# ansible abc -m shell -a 'grep mysql /etc/group'
192.168.56.123 | SUCCESS | rc=0 >>
mysql:x:306:
...
//删除受控机上的mysql组
[root@localhost ~]# ansible abc -m group -a 'name=mysql state=absent'
192.168.56.123 | SUCCESS => {
"changed": true,
"name": "mysql",
"state": "absent"
}
...
//受控机查看
[root@localhost ~]# ansible abc -m shell -a 'grep mysql /etc/group'
192.168.56.123 | FAILED | rc=1 >>
non-zero return code
ansible常用模块之user
user模块用于管理受控机的用户账号
//在受控机上添加一个系统账户,用户名为mysql,uid为306,设置shell为/sbin/nologin,无家目录
[root@localhost ~]# ansible abc -m user -a 'name=mysql uid=306 system=yes create_home=no shell=/sbin/nologin state=present'
192.168.56.123 | SUCCESS => {
"changed": true,
"comment": "",
"create_home": false,
"group": 306,
"home": "/home/mysql",
"name": "mysql",
"shell": "/sbin/nologin",
"state": "present",
"system": true,
"uid": 306
}
...
//检查受控机
[root@localhost ~]# ansible abc -m shell -a 'grep mysql /etc/group'
192.168.56.123 | SUCCESS | rc=0 >>
mysql:x:306:
192.168.56.138 | SUCCESS | rc=0 >>
mysql:x:306:
查看用户
[root@localhost ~]# ansible abc -m shell -a 'ls /home'
192.168.56.123 | SUCCESS | rc=0 >>
1
192.168.56.138 | SUCCESS | rc=0 >>
1
//修改mysql用户的uid为366
[root@localhost ~]# ansible abc -m user -a 'name=mysql uid=366'
192.168.56.123 | SUCCESS => {
"append": false,
"changed": true,
"comment": "",
"group": 306,
"home": "/home/mysql",
"move_home": false,
"name": "mysql",
"shell": "/sbin/nologin",
"state": "present",
"uid": 366
}
...
//受控机查看用户
[root@localhost ~]# ansible abc -m shell -a 'grep mysql /etc/passwd'
192.168.56.123 | SUCCESS | rc=0 >>
mysql:x:366:306::/home/mysql:/sbin/nologin
192.168.56.138 | SUCCESS | rc=0 >>
mysql:x:366:306::/home/mysql:/sbin/nologin
//删除受控机上的mysql用户
[root@localhost ~]# ansible abc -m user -a 'name=mysql state=absent'
192.168.56.123 | SUCCESS => {
"changed": true,
"force": false,
"name": "mysql",
"remove": false,
"state": "absent"
}
...
//受控机查看用户
[root@localhost ~]# ansible abc -m shell -a 'grep mysql /etc/passwd'
192.168.56.123 | FAILED | rc=1 >>
non-zero return code
...
ansible常用模块之service
service模块用于管理受控机上的服务
//查看受控机上的vsftp服务是否启动
[root@localhost ~]# ansible abc -m shell -a 'systemctl is-active vsftpd'
192.168.56.123 | FAILED | rc=3 >>
unknownnon-zero return code
//启动受控机上的vsftp服务
[root@localhost ~]# ansible abc -m service -a 'name=vsftpd state=started'
...
//查看受控机上的vsftpd服务是否启动
[root@localhost ~]# ansible abc -m shell -a 'systemctl is-active vsftpd'
192.168.56.123 | SUCCESS | rc=0 >>
active
192.168.56.138 | SUCCESS | rc=0 >>
active
//查看受控机上的vsftpd服务是否开机自启动
[root@localhost ~]# ansible abc -m shell -a 'systemctl is-enabled vsftpd'
192.168.56.123 | FAILED | rc=1 >>
disablednon-zero return code
//设置受控机上的vsftpd服务开机自动启动
[root@localhost ~]# ansible abc -m service -a 'name=vsftpd enabled=yes'
192.168.56.123 | SUCCESS => {
"changed": true,
"enabled": true,
"name": "vsftpd",
"status": {
...
//查看受控机上的vsftpd服务是否开机自启动
[root@localhost ~]# ansible abc -m shell -a 'systemctl is-enabled vsftpd'
192.168.56.123 | SUCCESS | rc=0 >>
enabled
...
//停止受控机上的vsftpd服务
[root@localhost ~]# ansible abc -m service -a 'name=vsftpd state=stopped'
192.168.56.123 | SUCCESS => {
"changed": true,
"name": "vsftpd",
"state": "stopped",
"status": {
...
//查看受控机上的vsftpd服务是否启动
[root@localhost ~]# ansible abc -m shell -a 'systemctl is-active vsftpd'
192.168.56.123 | FAILED | rc=3 >>
inactivenon-zero return code
//查看端口
[root@localhost ~]# ansible abc -m shell -a 'ss -anlt'
192.168.56.123 | SUCCESS | rc=0 >>
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*