Ansible basics
An automated operations tool built on paramiko, a pure-Python implementation of the SSH protocol.
Tested on CentOS 6.5
Ansible control node: 172.16.2.100 ansible
Ansible managed node: 172.16.2.23 localhost.localdomain
Installing Ansible
(RedHat/CentOS)
[root@ansible ~]# rpm -Uvh http://download.Fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
[root@ansible ~]# yum install ansible -y # install ansible
[root@ansible ~]# ls /etc/ansible/ # ansible configuration directory
ansible.cfg hosts roles
(Ubuntu/Debian)
sudo apt-get install software-properties-common
sudo apt-add-repository ppa:ansible/ansible
sudo apt-get update
sudo apt-get install ansible
(Install with pip)
sudo pip install ansible
(Install the latest version from source)
cd ~
git clone https://github.com/ansible/ansible.git
cd ./ansible
source ./hacking/env-setup
When you run ansible from a git checkout, remember that you need to set up your environment each time before using it, or you can add the setup step to your bash rc file:
# add to the bash rc file
$ echo "export ANSIBLE_HOSTS=~/ansible_hosts" >> ~/.bashrc
$ echo "source ~/ansible/hacking/env-setup" >> ~/.bashrc
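The ansible.cfg configuration file
[defaults]
hostfile=/etc/ansible/hosts
# location of the hosts inventory file
host_key_checking=False
# skip host key checking, so there is no yes/no prompt again when a target host's key changes
ask_pass=True
# whether to ask for the SSH password each time an ansible command runs
ask_sudo_pass=True
# whether to ask for the sudo password each time an ansible command runs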
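With host_key_checking=False the connection proceeds without a prompt when a host key is new or has changed, so it is useful to know whether a control node has the check switched off. The shell function below is an added example, not from the original post: it reports the effective setting for an ansible.cfg, assuming the option sits in the [defaults] section and that the ANSIBLE_HOST_KEY_CHECKING environment variable overrides the file; the sample config files are constructed.

```shell
#!/bin/sh
# Added example: report whether Ansible host key checking is effectively on.
# Usage: effective_host_key_checking CFG_FILE  -> prints "enabled" or "disabled"
effective_host_key_checking() {
    cfg=$1
    if [ -n "${ANSIBLE_HOST_KEY_CHECKING:-}" ]; then
        # Assumption: the environment variable overrides the config file.
        value=$ANSIBLE_HOST_KEY_CHECKING
    else
        # Last host_key_checking assignment inside [defaults];
        # lines starting with # or ; are comments and are ignored.
        value=$(awk '
            /^[ \t]*[#;]/ { next }
            /^[ \t]*\[/   { in_defaults = ($0 ~ /^[ \t]*\[defaults\][ \t]*$/); next }
            in_defaults && /^[ \t]*host_key_checking[ \t]*[=:]/ {
                sub(/^[^=:]*[=:][ \t]*/, ""); sub(/[ \t\r]+$/, ""); v = $0
            }
            END { print v }' "$cfg" 2>/dev/null) || value=""
    fi
    case $(printf '%s' "$value" | tr '[:upper:]' '[:lower:]') in
        false|no|off|0|f|n) echo disabled ;;
        *) echo enabled ;;  # unset or any other value: treated as the default (on)
    esac
}

# Constructed sample files, not taken from a real system.
demo_dir=$(mktemp -d)
printf '[defaults]\nhostfile=/etc/ansible/hosts\nhost_key_checking=False\n' > "$demo_dir/weak.cfg"
printf '[defaults]\nhostfile=/etc/ansible/hosts\n#host_key_checking=False\n' > "$demo_dir/default.cfg"
for f in weak.cfg default.cfg; do
    echo "$f: host key checking $(effective_host_key_checking "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```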
Passwordless SSH authentication
[root@ansible ~]# echo -e "[test]\n172.16.2.23">>/etc/ansible/hosts # create the managed-node group
[root@ansible ~]# ssh-keygen -P '' # generate a key pair on the control node
[root@ansible ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected] # copy the public key to the managed node
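Using Ansible modules
[root@ansible ~]# ansible-doc -l # list the modules ansible supports
[root@ansible ~]# ansible-doc <module_name> # show the detailed usage of a module
command module
The command module simply "runs a command remotely". Unlike Ansible's other built-in modules, the command module cannot tell from the return value whether the command succeeded. Ansible therefore adds the creates and removes attributes, which check whether the command has already succeeded or whether it should run at all. If you define creates, the command is not run when that file already exists. Conversely, if you define removes, the command runs only when that file exists.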
[root@ansible ~]# ansible test -m command -a 'rm -rf /opt/test removes=/opt/test'
172.16.2.23 | success | rc=0 >>
[root@ansible ~]# ansible test -m command -a 'date'
172.16.2.23 | success | rc=0 >>
Sun Feb 15 10:13:04 CST 2015
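The creates/removes guards described for the command module, modelled locally as an added example (not from the original post and not Ansible's own code): the hypothetical guarded_run function skips the command when the creates path exists or the removes path is missing. It checks plain paths only and works in a constructed scratch directory.

```shell
#!/bin/sh
# Added example: a local model of the command module's creates/removes guards.
# Usage: guarded_run CREATES REMOVES CMD...   (pass "" for a guard that is not set)
# Prints "ran" or "skipped" so the caller can see which branch was taken.
guarded_run() {
    creates=$1; removes=$2; shift 2
    if [ -n "$creates" ] && [ -e "$creates" ]; then
        echo skipped      # creates= path already exists: nothing to do
        return 0
    fi
    if [ -n "$removes" ] && [ ! -e "$removes" ]; then
        echo skipped      # removes= path is absent: nothing to do
        return 0
    fi
    "$@" >/dev/null || return $?   # propagate the command's own failure
    echo ran
}

# Constructed demo: each command is issued twice, the second call is a no-op.
work=$(mktemp -d)
guarded_run "$work/data" "" mkdir "$work/data"     # ran
guarded_run "$work/data" "" mkdir "$work/data"     # skipped (a bare second mkdir would fail)
guarded_run "" "$work/data" rm -rf "$work/data"    # ran
guarded_run "" "$work/data" rm -rf "$work/data"    # skipped
rm -rf "$work"
```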
shell module
[root@ansible ~]# ansible test -m shell -a 'date'
172.16.2.23 | success | rc=0 >>
Sun Feb 15 10:19:58 CST 2015
[root@ansible ~]# ansible test -m shell -a 'rm -rf /opt/*'
172.16.2.23 | success | rc=0 >>
raw module
# raw is similar to the shell module and supports pipes
[root@ansible ~]# ansible test -m raw -a 'ifconfig|grep eth1'
172.16.2.23 | success | rc=0 >>
eth1 Link encap:Ethernet HWaddr 00:50:56:9B:4B:6C
yum module
[root@ansible ~]# ansible test -m yum -a 'name=vsftpd state=present' # install vsftpd with yum
172.16.2.23 | success >>
......
[root@ansible ~]# ansible test -m yum -a 'name=httpd state=present' # install httpd with yum
172.16.2.23 | success >>
......
service module
[root@ansible ~]# ansible test -m service -a 'name=httpd state=started enabled=yes' # start the service
172.16.2.23 | success >> {
"changed": true,
"enabled": true,
"name": "httpd",
"state": "started"
}
[root@ansible ~]# ansible test -m service -a 'name=vsftpd state=started enabled=yes'
172.16.2.23 | success >> {
"changed": true,
"enabled": true,
"name": "vsftpd",
"state": "started"
}
[root@ansible ~]# ansible test -m service -a 'name=vsftpd state=stopped enabled=yes' # stop the service
[root@ansible ~]# ansible test -m service -a 'name=httpd state=stopped enabled=yes'
file module
# view file attributes, modify file attributes, check whether a file has been modified
[root@ansible ~]# ansible test -m file -a 'path=/etc/fstab' # view
172.16.2.23 | success >> {
"changed": false,
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"path": "/etc/fstab",
"size": 777,
"state": "file",
"uid": 0
}
[root@ansible ~]# ansible test -m file -a 'path=/root/a.txt'
......
[root@ansible ~]# ansible test -m file -a 'path=/opt/andy state=directory mode=755 owner=andy' # create a directory
172.16.2.23 | success >> {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "andy",
"path": "/opt/andy",
"size": 4096,
"state": "directory",
"uid": 500
}
[root@ansible ~]# ansible test -m file -a 'path=/opt/andy001 state=touch mode=755 owner=andy' # create a file
172.16.2.23 | success >> {
"changed": true,
"dest": "/opt/andy001",
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "andy",
"size": 0,
"state": "file",
"uid": 500
}
copy module
# copy a file from the control node to the managed node
[root@ansible ~]# ansible test -m copy -a 'src=/root/aa.txt dest=/root/aa.txt mode=755 owner=andy'
172.16.2.23 | success >> {
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/root/aa.txt",
"gid": 0,
"group": "root",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"mode": "0755",
"owner": "andy",
"size": 0,
"src": "/root/.ansible/tmp/ansible-tmp-1424000310.61-124321215441550/source",
"state": "file",
"uid": 500
}
setup module
# gather information about the remote host
[root@ansible ~]# ansible test -m setup
172.16.2.23 | success >> {
"ansible_facts": {
"ansible_all_ipv4_addresses": [
"172.16.2.23"
......
ping module
# check whether the remote host is up
[root@ansible ~]# ansible test -m ping
172.16.2.23 | success >> {
"changed": false,
"ping": "pong"
}
group module
[root@ansible ~]# ansible test -m group -a 'gid=2015 name=isolinux'
172.16.2.23 | success >> {
"changed": true,
"gid": 2015,
"name": "isolinux",
"state": "present",
"system": false
}
user module
[root@ansible ~]# ansible test -m user -a 'uid=2015 name=isolinux'
172.16.2.23 | success >> {
"changed": true,
"comment": "",
"createhome": true,
"group": 100,
"home": "/home/isolinux",
"name": "isolinux",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 2015
}
script module
# run a local script on the remote node; the script lives on the control node
[root@ansible ~]# ansible test -m script -a '/root/aa.sh'
172.16.2.23 | success >> {
"changed": true,
"rc": 0,
"stderr": "",
"stdout": ""
}
[root@ansible ~]# ansible test -m script -a '/root/aa.sh'
172.16.2.23 | success >> {
"changed": true,
"rc": 0,
"stderr": "",
"stdout": "nihao\n"
}
synchronize module
# push a directory from the control node into a directory on the managed node
[root@ansible test]# ansible test -m synchronize -a 'src=/opt/test dest=/tmp/ compress=yes'
172.16.2.23 | success >> {
"changed": true,
"cmd": "rsync --delay-updates -FF --compress --archive --rsh 'ssh -S none -o StrictHostKeyChecking=no' --out-format='<<CHANGED>>%i %n%L' \"/opt/test\" \"[email protected]:/tmp/\"",
"msg": "cd+++++++++ test/\n<f+++++++++ test/System.map-2.6.32-431.el6.x86_64\n<f+++++++++ test/config-2.6.32-431.el6.x86_64\n<f+++++++++ test/initramfs-2.6.32-431.el6.x86_64.img\n<f+++++++++ test/initrd-2.6.32-431.el6.x86_64kdump.img\n<f+++++++++ test/symvers-2.6.32-431.el6.x86_64.gz\n<f+++++++++ test/vmlinuz-2.6.32-431.el6.x86_64\n",
"rc": 0,
"stdout_lines": [
"cd+++++++++ test/",
"<f+++++++++ test/System.map-2.6.32-431.el6.x86_64",
"<f+++++++++ test/config-2.6.32-431.el6.x86_64",
"<f+++++++++ test/initramfs-2.6.32-431.el6.x86_64.img",
"<f+++++++++ test/initrd-2.6.32-431.el6.x86_64kdump.img",
"<f+++++++++ test/symvers-2.6.32-431.el6.x86_64.gz",
"<f+++++++++ test/vmlinuz-2.6.32-431.el6.x86_64"
]
}
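The module pushes by default. To use the pull function instead, proceed as follows:
mode=pull switches from push mode to pull mode
[root@ansible test]# ansible test -m synchronize -a 'mode=pull src=/tmp/test1 dest=/opt/' # pull a directory from the managed node to the control node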
172.16.2.23 | success >> {
"changed": true,
"cmd": "rsync --delay-updates -FF --compress --archive --rsh 'ssh -S none -o StrictHostKeyChecking=no' --out-format='<<CHANGED>>%i %n%L' \"[email protected]:/tmp/test1\" \"/opt/\"",
"msg": "cd+++++++++ test1/\n>f+++++++++ test1/System.map-2.6.32-431.el6.x86_64\n>f+++++++++ test1/config-2.6.32-431.el6.x86_64\n>f+++++++++ test1/initramfs-2.6.32-431.el6.x86_64.img\n>f+++++++++ test1/initrd-2.6.32-431.el6.x86_64kdump.img\n>f+++++++++ test1/symvers-2.6.32-431.el6.x86_64.gz\n>f+++++++++ test1/vmlinuz-2.6.32-431.el6.x86_64\n",
"rc": 0,
"stdout_lines": [
"cd+++++++++ test1/",
">f+++++++++ test1/System.map-2.6.32-431.el6.x86_64",
">f+++++++++ test1/config-2.6.32-431.el6.x86_64",
">f+++++++++ test1/initramfs-2.6.32-431.el6.x86_64.img",
">f+++++++++ test1/initrd-2.6.32-431.el6.x86_64kdump.img",
">f+++++++++ test1/symvers-2.6.32-431.el6.x86_64.gz",
">f+++++++++ test1/vmlinuz-2.6.32-431.el6.x86_64"
]
}
http://www.cyberciti.biz/python-tutorials/linux-tutorial-install-ansible-configuration-management-and-it-automation-tool/