Ansible

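Basic installation and usage of Ansible

  • Environment: CentOS 7, with epel-release installed
  • Number of nodes: 3+

Installation and configuration

  • Only one control node is needed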
$ yum -y install epel-release ansible
  • Configure the Ansible host inventory
$ vim /etc/ansible/hosts 
[webservers]
192.168.56.12 ansible_ssh_user=root ansible_ssh_pass=yeecallk8s  
192.168.56.13 ansible_ssh_user=root ansible_ssh_pass=yeecallk8s
192.168.56.14 ansible_ssh_user=root ansible_ssh_pass=yeecallk8s
  • Disable the interactive SSH host key prompt and enable logging
$ vim /etc/ansible/ansible.cfg
host_key_checking = False
log_path = /var/log/ansible.log
  • Basic tests
$ ansible webservers -m ping
$ ansible webservers -a "free -m"
$ ansible --version    # show the version
ansible 2.9.10
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Aug  7 2019, 00:51:29) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]

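Configuration file

  • /etc/ansible/ansible.cfg : default location

Important parameters:

  • inventory: location of the host inventory
  • forks: number of parallel tasks
  • sudo_user: privilege escalation (sudo user)
  • remote_port: SSH port used for remote connections
  • host_key_checking: turns off the interactive SSH host key confirmation
  • log_path: log file
  • private_key_file: private key file used for authentication

Host inventory (inventory)

  • Plain groups
  • Pattern (regex) groups
  • Official documentation: https://docs.ansible.com/

Variable definitions

  • Defining host variables and group variables: a variable set on an individual host takes precedence over a group variable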
$ vim /etc/ansible/hosts                      
[webservers]
192.168.56.11 ansible_ssh_user=root ansible_ssh_pass=yeecallk8s http_port=80
192.168.56.12 ansible_ssh_user=root ansible_ssh_pass=yeecallk8s
192.168.56.13 ansible_ssh_user=root ansible_ssh_pass=yeecallk8s
192.168.56.14 ansible_ssh_user=root ansible_ssh_pass=yeecallk8s
[webservers:vars]
http_port=8080
server_name=www.baidu.com

$ ansible webservers -a "echo {{ http_port }}"    # print the defined variable
192.168.56.14 | CHANGED | rc=0 >>
8080
192.168.56.13 | CHANGED | rc=0 >>
8080
192.168.56.12 | CHANGED | rc=0 >>
8080
192.168.56.11 | CHANGED | rc=0 >>
80
  • Group variables split out into their own file: easier to reference
$ mkdir /etc/ansible/group_vars
$ vim /etc/ansible/group_vars/webservers.yml
http_port: 8080
server_name: 222.baidu.com
$ vim /etc/ansible/hosts          # remove the vars defined here
[webservers]
192.168.56.11 ansible_ssh_user=root ansible_ssh_pass=yeecallk8s http_port=80
192.168.56.12 ansible_ssh_user=root ansible_ssh_pass=yeecallk8s
192.168.56.13 ansible_ssh_user=root ansible_ssh_pass=yeecallk8s
192.168.56.14 ansible_ssh_user=root ansible_ssh_pass=yeecallk8s
$ ansible webservers -a "echo {{ http_port }}"
$ ansible webservers -a "echo {{ server_name }}"

ad-hoc

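Common options

  • -a: module arguments
  • -C: check mode (dry run)
  • -e: set extra variables
  • -f: number of concurrent forks
  • -i: specify the inventory
  • -m: specify the module
  • -u: specify the user
  • -k: prompt for the connection password interactively
  • --private-key
  • --become-method: privilege escalation method, sudo or switching user
  • --become-user: the user to escalate to, for example root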
$ ansible webservers -m shell -a "echo 123 >> /tmp/123"
$ ansible webservers -m shell -a "cat  /tmp/123"  

SSH password authentication

$ vim /etc/ansible/hosts          # remove the vars defined here
[webservers]
192.168.56.11 ansible_ssh_user=root ansible_ssh_pass=yeecallk8s
192.168.56.12 ansible_ssh_user=root ansible_ssh_pass=yeecallk8s

SSH key authentication (passwordless)

$ ssh-keygen 
$ ssh-copy-id [email protected]
$ ssh-copy-id [email protected]
$ vim /etc/ansible/hosts        
[others]
192.168.56.12
192.168.56.13
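
An added example, not part of the original notes: the inventories above keep root passwords in plaintext and ansible.cfg sets host_key_checking = False, so this Python check flags both in the text of an inventory and an ansible.cfg. The function names and the sample files are constructed for illustration.

```python
import re

# Inventory variables that hold a secret when written inline (real Ansible variable names).
SECRET_VARS = {"ansible_ssh_pass", "ansible_password", "ansible_become_pass",
               "ansible_become_password", "ansible_sudo_pass"}
USER_VARS = {"ansible_ssh_user", "ansible_user"}

# Constructed sample input laid out like the files in these notes (placeholder password).
SAMPLE_INVENTORY = """\
[webservers]
192.168.56.12 ansible_ssh_user=root ansible_ssh_pass=EXAMPLE-ONLY http_port=80
192.168.56.13 ansible_ssh_user=ops
[webservers:vars]
ansible_become_pass=EXAMPLE-ONLY
[others]
192.168.56.14
"""
SAMPLE_CFG = "[defaults]\nhost_key_checking = False\nlog_path = /var/log/ansible.log\n"


def audit_inventory(text):
    """Return (line_no, host_or_section, issue) tuples for an INI-style inventory."""
    findings, section = [], ""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1)
            continue
        if section.endswith(":vars"):      # one key=value per line
            who, tokens = section, [line.replace(" ", "")]
        else:                              # host followed by key=value pairs
            who, *tokens = line.split()
        for key, _, val in (t.partition("=") for t in tokens):
            if key in SECRET_VARS and val and not val.startswith("{{"):
                findings.append((no, who, "plaintext " + key))
            if key in USER_VARS and val == "root":
                findings.append((no, who, "direct root login"))
    return findings


def audit_cfg(text):
    """Return a finding if ansible.cfg content turns off SSH host key checking."""
    off = re.search(r"^\s*host_key_checking\s*=\s*(false|no|0)\s*$", text, re.I | re.M)
    return ["host_key_checking disabled: SSH host keys are not verified"] if off else []

if __name__ == "__main__":
    print(audit_inventory(SAMPLE_INVENTORY) + audit_cfg(SAMPLE_CFG))
```

Values that start with {{ are treated as references to a variable defined elsewhere (for example in an ansible-vault encrypted file) and are not flagged.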

Commonly used Ansible modules

  • Run shell commands (command, shell)
    • shell supports pipes; the shell module is recommended
  • File transfer (file, copy)
    • state: absent, directory, file, hard, link, touch
$ ansible all -m file -a "dest=/tmp/aaa mode=600 state=directory"
$ ansible all -m shell -a "ls -l /tmp/aaa"
$ ansible all -m file -a "dest=/tmp/aaa state=absent"    # delete a directory or file; deletion is recursive
  • Package management (yum)
    • state: present or installed, latest (install); absent or removed (remove a package)
$  ansible all -m yum -a "name=epel-release state=latest" 
$  ansible all -m yum -a "name=jq state=latest" 
$  ansible 192.168.56.11 -m yum -a "name=memcached state=latest"
$  ansible 192.168.56.11 -m yum -a "name=memcached state=removed"
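  • Users and groups (user)
    • state: absent (delete), present (create)

Running commands with privilege escalation

$ ansible all -m user -a "name=ops password={{ '123456' | password_hash('sha512') }}"    # create the ops user; the user module expects a password hash, not plaintext
$ ansible all -m shell -a "echo 'ops    ALL=(ALL)       ALL' >> /etc/sudoers"     # grant sudo privileges
$ ansible all -m shell -a "tail  /etc/sudoers"     # confirm the line was added
$ ansible all -m shell -a "ls /root/" -u ops -k -b --become-user=root -K    # list /root as ops; -b enables escalation, -K prompts for the sudo password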
  • Deploy from a source control system (git)
$ ansible all -m yum -a "name=git state=latest" 
$ mkdir /opt/ansible
$ ansible 192.168.56.11 -m git -a "repo=https://github.com/ansible/ansible.git dest=/opt/ansible/"
  • Service management (service)
    • state: reloaded, restarted, started, stopped
    • enabled=true : start the service at boot
$ ansible 192.168.56.11 -m yum -a "name=memcached state=latest"
$ ansible 192.168.56.11 -m service -a "name=memcached state=restarted"
  • Gather host information (setup)
$ ansible 192.168.56.11 -m setup
$ ansible 192.168.56.11 -m setup -a "filter=ansible_processor"   # filter the output