Project background:
To automate configuration management, application deployment and the execution of specific tasks at our company, we need to build a centralized management platform on our own servers. Automated operations! It saves on machines and staff, reduces the pressure on our ops people, and makes our operations process more standardized.
Lab environment:
VMware Workstation 11
CentOS 6.5
Ansible server: ip: 192.168.0.10 hostname: real_server01, firewall disabled, setenforce 0
Ansible test machine: ip: 192.168.0.44 hostname: ansible.client.com, firewall disabled, setenforce 0
SecureCRT (SSH remote-connection client)
Software introduction
Ansible is an open-source platform that integrates configuration management, application deployment and the execution of specific tasks for IT systems. It is written in Python and built on two key modules, Paramiko and PyYAML. It combines the strengths of many ops tools (puppet, cfengine, chef, func, fabric) and provides batch system configuration, batch program deployment, batch command execution and so on. Ansible works on the basis of modules and has no batch-deployment capability of its own: the modules Ansible runs are what actually do the batch deployment; Ansible itself only provides the framework.
Some features of Ansible:
(1) Connection plugins: responsible for communicating with the managed nodes;
(2) Host inventory: specifies the hosts to operate on; the managed hosts are defined in a configuration file;
(3) Modules of all kinds: core modules, the command module, custom modules;
(4) Plugins provide functions such as logging and e-mail notification;
(5) Playbook: a script for running multiple tasks; not required, but it lets the nodes run many tasks in one go.
Ansible characteristics:
Deployment is simple: only the control node needs the Ansible environment; nothing has to be done on the managed nodes. # I absolutely love this!
(1) no agents: no client software needs to be installed on the managed hosts;
(2) no server: there is no server-side daemon; you just run commands directly;
(3) modules in any language: it works on modules, and modules can be written in any language;
(4) yaml, not code: playbooks are written in YAML;
(5) ssh by default: it works over SSH; # SSH2
(6) strong multi-tier solution: multi-level control is possible.
(7) The most notable advantage of Ansible's push model is that you control exactly when a change happens on a server. You don't have to wait for a timer to expire.
(8) Modules are idempotent. If the user "deploy" doesn't exist, Ansible creates it; if it exists, Ansible does nothing. Idempotence is a great property because it means running the same Ansible playbook against the same server several times is safe. This is a big advantage over the shell scripts an ops team typically writes itself: on a second run such a script may well have different (and quite possibly unintended) effects.
(9) Idempotence versus convergence: if a configuration management system is convergent, it may need several runs to bring a server to the desired state, each run bringing the server closer to that state. Ansible only needs to run the playbook once to put every server in the desired state. Very cool!
Ansible is not only a great tool for configuration management but also for deployment. For anyone responsible for ops, handling both configuration management and deployment with one simple tool makes life instantly better.
Some common modules:
Remote command modules: command, script and shell
copy module: remote copy, similar to scp
stat module: get status information about a remote file
get_url module: download a given URL to the remote host
yum module: package management operations
cron module: scheduled jobs on remote hosts
mount module: partition mounting on remote hosts
service module: system service management on remote hosts
sysctl module: sysctl configuration on remote hosts
user module: system user management on remote hosts
Lab procedure:
I. Configuring the EPEL repository:
http://www.centoscn.com/CentOS/config/2014/0920/3793.html
A good online guide. (If you run into problems, leave a comment below and I'll reply when I see it.)
II. Installing Ansible
Installing with yum:
1. Install the package
[root@real_server01 ~]# yum install ansible -y
2. Check the installed ansible package
[root@real_server01 ~]# rpm -q ansible
ansible-1.9.4-1.el6.noarch
The installation succeeded.
3. Look at the program's usage:
[root@real_server01 ~]# ansible # type ansible at the command line and press Enter.
Usage: ansible <host-pattern> [options]
Options:
-a MODULE_ARGS, --args=MODULE_ARGS
module arguments
--ask-become-pass ask for privilege escalation password
-k, --ask-pass ask for SSH password
--ask-su-pass ask for su password (deprecated, use become)
-K, --ask-sudo-pass ask for sudo password (deprecated, use become)
--ask-vault-pass ask for vault password
-B SECONDS, --background=SECONDS
run asynchronously, failing after X seconds
(default=N/A)
-b, --become run operations with become (nopasswd implied)
--become-method=BECOME_METHOD
privilege escalation method to use (default=sudo),
valid choices: [ sudo | su | pbrun | pfexec | runas ]
--become-user=BECOME_USER
run operations as this user (default=None)
-C, --check don't make any changes; instead, try to predict some
of the changes that may occur
-c CONNECTION, --connection=CONNECTION
connection type to use (default=smart)
-e EXTRA_VARS, --extra-vars=EXTRA_VARS
set additional variables as key=value or YAML/JSON
-f FORKS, --forks=FORKS
specify number of parallel processes to use
(default=5)
-h, --help show this help message and exit
-i INVENTORY, --inventory-file=INVENTORY
specify inventory host file
(default=/etc/ansible/hosts)
-l SUBSET, --limit=SUBSET
further limit selected hosts to an additional pattern
--list-hosts outputs a list of matching hosts; does not execute
anything else
-m MODULE_NAME, --module-name=MODULE_NAME
module name to execute (default=command)
-M MODULE_PATH, --module-path=MODULE_PATH
specify path(s) to module library (default=None)
-o, --one-line condense output
-P POLL_INTERVAL, --poll=POLL_INTERVAL
set the poll interval if using -B (default=15)
--private-key=PRIVATE_KEY_FILE
use this file to authenticate the connection
-S, --su run operations with su (deprecated, use become)
-R SU_USER, --su-user=SU_USER
run operations with su as this user (default=root)
(deprecated, use become)
-s, --sudo run operations with sudo (nopasswd) (deprecated, use
become)
-U SUDO_USER, --sudo-user=SUDO_USER
desired sudo user (default=root) (deprecated, use
become)
-T TIMEOUT, --timeout=TIMEOUT
override the SSH timeout in seconds (default=10)
-t TREE, --tree=TREE log output to this directory
-u REMOTE_USER, --user=REMOTE_USER
connect as this user (default=root)
--vault-password-file=VAULT_PASSWORD_FILE
vault password file
-v, --verbose verbose mode (-vvv for more, -vvvv to enable
connection debugging)
--version show program's version number and exit
There is a lot of output; apply the options above according to your own needs.
III. Edit /etc/ansible/hosts to suit our needs.
[root@real_server01 ~]# cat /etc/ansible/hosts
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
# - Comments begin with the '#' character
# - Blank lines are ignored
# - Groups of hosts are delimited by [header] elements
# - You can enter hostnames or ip addresses
# - A hostname/ip can be a member of multiple groups
# Ex 1: Ungrouped hosts, specify before any group headers.
# hostnames or domain names go here!
ansible.client.com
192.168.0.44
#green.example.com
#blue.example.com
#192.168.100.1
#192.168.100.10
# Ex 2: A collection of hosts belonging to the 'webservers' group
# a host group is defined here; you can write hostnames or host IPs, and the hosts in the group are treated as one unit.
[webservers]
ansible.client.com
192.168.0.44
#alpha.example.org
#beta.example.org
#192.168.1.100
#192.168.1.110
# If you have multiple hosts following a pattern you can specify
# them like this:
#www[001:006].example.com # define a range of hosts that follow a pattern
# Ex 3: A collection of database servers in the 'dbservers' group
# this also defines a host group; when operating we address the group name directly
[dbservers]
ansible.client.com
192.168.0.44
#db01.intranet.mydomain.net
#db02.intranet.mydomain.net
#10.25.1.56
#10.25.1.57
# Here's another example of host ranges, this time there are no
# leading 0s:
#db-[99:101]-node.example.com # define a range of hosts that follow a pattern
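One caveat about the file above: the single test machine is listed twice, once as ansible.client.com and once as 192.168.0.44, in the ungrouped section and again in both groups. Ansible treats every distinct inventory name as a separate host, so a run against webservers connects to the same machine twice in parallel; that is why the yum output later in this post shows two result blocks for one machine, one of them waiting on the yum lock held by the other. The inventory below is an added example, not the post's own /etc/ansible/hosts: each machine appears exactly once, connection settings live in group variables, and the connection account is a dedicated key-based user instead of root with a password. The deploy user name, the key path, the db01.client.com host and the lab group are assumptions made for the example.

```ini
# Added example inventory; not the post's /etc/ansible/hosts.
# Each machine appears exactly once, under the name Ansible will use for it,
# so a run against a group does not hit the same box twice.

[webservers]
ansible.client.com  ansible_ssh_host=192.168.0.44

[dbservers]
# Assumed second machine for illustration; not part of the lab in the post.
db01.client.com     ansible_ssh_host=192.168.0.45

# Host ranges work the same way as in the commented examples of the default file:
# www[001:006].example.com

# A parent group lets one pattern address every lab machine.
[lab:children]
webservers
dbservers

[lab:vars]
# Connect as an unprivileged account with a key instead of root with a password;
# escalate with become only for the tasks that need it.
ansible_ssh_user=deploy
ansible_ssh_private_key_file=/root/.ssh/id_rsa_deploy
ansible_ssh_port=22
```

With this file, `ansible webservers -m ping` produces exactly one result line per machine, and `ansible lab -m ping` covers both groups at once.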
IV. Listing Ansible modules
Because Ansible is modular, to use it well you need to know how to look modules up.
1. Get the module list
[root@real_server01 ~]# ansible-doc -l
less 436
Copyright (C) 1984-2009 Mark Nudelman
less comes with NO WARRANTY, to the extent permitted by law.
For information about the terms of redistribution,
see the file named README in the less distribution.
Homepage: http://www.greenwoodsoftware.com/less
a10_server Manage A10 Networks AX/SoftAX/Thunder/vThunder devices
a10_service_group Manage A10 Networks AX/SoftAX/Thunder/vThunder devices
a10_virtual_server Manage A10 Networks AX/SoftAX/Thunder/vThunder devices
acl Sets and retrieves file ACL information.
add_host add a host (and alternatively a group) to the ansible-playbook in-memory inve...
airbrake_deployment Notify airbrake about app deployments
alternatives Manages alternative programs for common commands
apache2_module enables/disables a module of the Apache2 webserver
apt Manages apt-packages
apt_key Add or remove an apt key
apt_repository Add and remove APT repositories
apt_rpm apt_rpm package manager
assemble Assembles a configuration file from fragments
assert Fail with custom message
at Schedule the execution of a command or script file via the at command.
authorized_key Adds or removes an SSH authorized key
azure create or terminate a virtual machine in azure
bigip_facts Collect facts from F5 BIG-IP devices
bigip_monitor_http Manages F5 BIG-IP LTM http monitors
bigip_monitor_tcp Manages F5 BIG-IP LTM tcp monitors
: # press Enter to keep scrolling
2. Get usage information for a specific module
[root@real_server01 ~]# ansible-doc -s acl
less 436
Copyright (C) 1984-2009 Mark Nudelman
less comes with NO WARRANTY, to the extent permitted by law.
For information about the terms of redistribution,
see the file named README in the less distribution.
Homepage: http://www.greenwoodsoftware.com/less
- name: Sets and retrieves file ACL information.
action: acl
default # if the target is a directory, setting this to yes will make it the default acl f
entity # actual user or group that the ACL applies to when matching entity types user or
entry # DEPRECATED. The acl to set or remove. This must always be quoted in the form of
etype # the entity type of the ACL to apply, see setfacl documentation for more info.
follow # whether to follow symlinks on the path if a symlink is encountered.
name= # The full path of the file or object.
permissions # Permissions to apply/remove can be any combination of r, w and x (read, write a
state # defines whether the ACL should be present or not. The `query' state gets the cu
This is how to check how a particular module is used.
V. Test connectivity to the hosts with the ping module
VI. Set up passwordless SSH login
Purpose: so that we can run commands remotely without entering a password and automate tasks.
http://9399369.blog.51cto.com/9389369/1750915
"Configuring SSH trust between two machines" is a post I wrote a while ago; you can use it as a reference.
VII. After setting up passwordless SSH, use the ping module again
The test now runs without a password prompt.
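The post sets up SSH trust by hand and, in point (8) above, uses the "deploy" user to explain idempotence. The playbook below is an added example, not from the post or from the Ansible project, that does both in one idempotent run: it creates the deploy user, installs the Ansible server's public key for it, and grants it sudo. The deploy user name, the key path /root/.ssh/id_rsa_deploy.pub and the sudoers fragment are assumptions; the webservers group comes from the post's inventory.

```yaml
# Added example playbook (bootstrap.yml); not from the post or the Ansible project.
# Assumptions: a user named deploy, a public key at /root/.ssh/id_rsa_deploy.pub
# on the Ansible server, and the webservers group from the post's inventory.
- hosts: webservers
  # First run: connect as root with the password (ansible-playbook bootstrap.yml -u root -k).
  # Later runs: connect as deploy with the key and escalate with become.
  become: yes
  tasks:
    # Idempotent: creates "deploy" only if it is missing; reports "ok" otherwise.
    - name: ensure the deploy user exists
      user:
        name: deploy
        shell: /bin/bash
        state: present

    # Idempotent: the key line is added once and left alone on repeat runs,
    # so running this playbook ten times yields one authorized_keys entry.
    - name: install the Ansible server's public key for deploy
      authorized_key:
        user: deploy
        key: "{{ lookup('file', '/root/.ssh/id_rsa_deploy.pub') }}"
        state: present

    # Let deploy escalate without a password. visudo validates the fragment
    # before it is put in place, so a typo cannot break sudo on the host.
    - name: allow deploy to use sudo
      copy:
        dest: /etc/sudoers.d/deploy
        content: "deploy ALL=(ALL) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: "visudo -cf %s"
```

Run it once with the root password (`ansible-playbook bootstrap.yml -u root -k`), then confirm the key works with `ansible webservers -m ping -u deploy --private-key=/root/.ssh/id_rsa_deploy`. Running the playbook a second time is the idempotence check from point (8): the play recap shows `changed=0` for every host, because every task found its desired state already in place.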
VIII. We configured /etc/ansible/hosts above; now test the ping module against a group name
It succeeds straight away. Imagine 100 hosts in that group finishing in one go; quite impressive.
IX. Run a command on the remote host and return its output to the Ansible server.
X. Remote file copy.
1. Run on the Ansible server
2. Check the remote host for the test.txt file
XI. Installing software.
1. Run on the Ansible server
[root@real_server01 home]# ansible webservers -m yum -a "name=htop state=latest"
192.168.0.44 | success >> {
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror, priorities, refresh-packagekit, security\nLoading mirror speeds from cached hostfile\n * base: mirror.bit.edu.cn\n * epel: ftp.cuhk.edu.hk\n * extras: mirrors.yun-idc.com\n * remi-safe: rpms.remirepo.net\n * updates: mirrors.yun-idc.com\nSetting up Install Process\nResolving Dependencies\n--> Running transaction check\n---> Package htop.x86_64 0:1.0.1-2.el6 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n htop x86_64 1.0.1-2.el6 epel 75 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package(s)\n\nTotal download size: 75 k\nInstalled size: 161 k\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Installing : htop-1.0.1-2.el6.x86_64 1/1 \n\r Verifying : htop-1.0.1-2.el6.x86_64 1/1 \n\nInstalled:\n htop.x86_64 0:1.0.1-2.el6 \n\nComplete!\n"
]
}
ansible.client.com | success >> {
"changed": true,
"msg": "Existing lock /var/run/yum.pid: another copy is running as pid 3365.\nAnother app is currently holding the yum lock; waiting for it to exit...\n The other application is: yum\n Memory : 19 M RSS (218 MB VSZ)\n Started: Tue Apr 5 21:10:01 2016 - 00:01 ago\n State : Running, pid: 3365\nAnother app is currently holding the yum lock; waiting for it to exit...\n The other application is: yum\n Memory : 22 M RSS (777 MB VSZ)\n Started: Tue Apr 5 21:10:01 2016 - 00:03 ago\n State : Sleeping, pid: 3365\nAnother app is currently holding the yum lock; waiting for it to exit...\n The other application is: yum\n Memory : 40 M RSS (785 MB VSZ)\n Started: Tue Apr 5 21:10:01 2016 - 00:05 ago\n State : Uninterruptible, pid: 3365\nAnother app is currently holding the yum lock; waiting for it to exit...\n The other application is: yum\n Memory : 50 M RSS (796 MB VSZ)\n Started: Tue Apr 5 21:10:01 2016 - 00:07 ago\n State : Running, pid: 3365\nAnother app is currently holding the yum lock; waiting for it to exit...\n The other application is: yum\n Memory : 73 M RSS (818 MB VSZ)\n Started: Tue Apr 5 21:10:01 2016 - 00:09 ago\n State : Running, pid: 3365\nAnother app is currently holding the yum lock; waiting for it to exit...\n The other application is: yum\n Memory : 88 M RSS (832 MB VSZ)\n Started: Tue Apr 5 21:10:01 2016 - 00:11 ago\n State : Running, pid: 3365\n",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror, priorities, refresh-packagekit, security\nLoading mirror speeds from cached hostfile\n * base: mirror.bit.edu.cn\n * epel: ftp.cuhk.edu.hk\n * extras: mirrors.yun-idc.com\n * remi-safe: rpms.remirepo.net\n * updates: mirrors.yun-idc.com\nSetting up Install Process\nPackage htop-1.0.1-2.el6.x86_64 already installed and latest version\nNothing to do\n"
]
}
2. Check on the remote host that the installation succeeded
With the operation above we can install packages in bulk. Very fast!
XII. Start, stop and restart the httpd service
1. Start the httpd service
2. Stop the httpd service
With the commands above we can manage services in bulk.
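Steps IX to XII are run in the post as separate ad-hoc commands. The playbook below is an added example, not from the post or the Ansible project, that performs the same four steps (remote command, file copy, package install, service management) in one run and verifies its own work. It assumes the webservers group from the post's inventory, the deploy account from the SSH section and a local file /home/test.txt on the Ansible server; the destination path /tmp/test.txt is also an assumption.

```yaml
# Added example playbook (site.yml); not from the post or the Ansible project.
# Assumes the webservers group from the post's inventory and a local file
# /home/test.txt on the Ansible server (path assumed).
- hosts: webservers
  become: yes
  tasks:
    # Step IX: run a command and bring its output back to the control node.
    - name: check free memory on the remote host
      command: free -m
      register: mem
      changed_when: false      # a read-only command should never report "changed"

    - name: show the collected output on the Ansible server
      debug:
        var: mem.stdout_lines

    # Step X: copy a file; owner and mode are enforced on every run, not only on creation.
    - name: copy test.txt to the remote host
      copy:
        src: /home/test.txt
        dest: /tmp/test.txt
        owner: root
        group: root
        mode: "0644"

    - name: verify the copied file is present
      stat:
        path: /tmp/test.txt
      register: test_file

    - name: fail early if the copy did not land
      fail:
        msg: "/tmp/test.txt is missing on {{ inventory_hostname }}"
      when: not test_file.stat.exists

    # Step XI: install packages. "present" is idempotent; "latest" (as in the post's
    # ad-hoc command) would upgrade on every run and report "changed" each time.
    - name: install httpd and htop
      yum:
        name: "{{ item }}"
        state: present
      with_items:
        - httpd
        - htop

    # Step XII: manage the service and make sure it comes back after a reboot.
    - name: start httpd and enable it at boot
      service:
        name: httpd
        state: started
        enabled: yes
```

Run it with `ansible-playbook -i /etc/ansible/hosts site.yml`. A second run should end with `changed=0` in the recap for every host; if a task keeps reporting "changed" on repeat runs, it is not idempotent and is the first thing to look at before pointing the playbook at a hundred machines.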
Project summary:
I trust everyone now has a sense of how powerful and convenient Ansible is. I hope this post can be of some use to your company and give everyone a basic understanding of Ansible. Thank you.