一、基础知识:
1. 简介
ansible基于python开发,集合了众多运维工具的优点,实现了批量系统配置、批量程序部署、批量运行命令等功能。ansible是基于模块工作的,本身没有批量部署的能力。
真正具有批量部署的是ansible运行的模块,ansible只是一个框架
ansible架构
(1) 连接插件connection plugins: 负责和被监控端实现通信;
(2) host inventory: 指定操作的主机,是一个配置文件里面定义监控的主机
(3) 各种模块核心模块、command模块、自定义模块;
(4) 借助于插件完成记录日志邮件等功能;
(5) playbook: 剧本执行多个任务时,非必须可以让节点一次性运行多个任务。
2、特性:
(1) no agents: 不需要在被管理主机上安装任务agent
(2) no server: 无服务器端,使用时,直接运行命令即可
(3) modules in any languages: 基于模块工作,可使用任意语言开发模块
(4) yaml not code:使用yaml语言定制剧本playbook
(5) ssh by default:基于SSH工作
(6) strong multi-tier solution: 可实现多级指挥
3、优点:
(1) 轻量级,无需在客户端安装agent,更新时,只需要在操作机上进行一次更新即可;
(2) 批量任务可以写成脚本,而且不用分发到远程就可以执行
(3) 使用python编写,维护简单
(4) 支持sudo
ansible原理二、ansible安装
1.1 rpm包安装
epel源:
centos6:
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
enabled=1
gpgcheck=0
centos7
[epel]
name=qinghuadaxue centos $releasever dvd
baseurl=https://mirrors.tuna.tsinghua.edu.cn/epel/7/x86_64/ enabled=1
gpgcheck=0
[[email protected] ~]# yum install ansible -y三、ansible常用选项
1、常用参数:
ansible <host-pattern> [-m module_name][-a args]--version 显示版本
-m module 指定模块,默认为command
-v 详细过程 –vv -vvv更详细
--list-hosts 显示主机列表,可简写—list
-k, --ask-pass 提示输入ssh连接密码,默认Key验证
-K, --ask-become-pass 提示输入sudo时的口令
-C, --check 检查,并不执行
-T, --timeout=TIMEOUT 执行命令的超时时间,默认10s
-u, --user=REMOTE_USER 执行远程执行的用户
-b, --become 代替旧版的sudo 切换
ansible-doc: 显示模块帮助
ansible-doc options
-a 显示所有模块的文档
-l, --list 列出可用模块
-s, --snippet显示指定模块的playbook片段
示例:
ansible-doc –l 列出所有模块
ansible-doc ping 查看指定模块帮助用法
ansible-doc –s ping 查看指定模块帮助用法
2、ansible的Host-pattern
逻辑与
ansible “websrvs:&dbsrvs” –m ping
在websrvs组并且在dbsrvs组中的主机
逻辑非
ansible ‘websrvs:!dbsrvs’ –m ping
在websrvs组,但不在dbsrvs组中的主机
注意:此处为单引号
综合逻辑
ansible ‘websrvs:dbsrvs:&appsrvs:!ftpsrvs’ –m ping
正则表达式
ansible “websrvs:&dbsrvs” –m ping
ansible “~(web|db).*.magedu.com” –m ping
四、常用模块介绍
copy模块
目的:把主控本地文件拷贝到远程节点上
[[email protected] ~]# ansible 192.168.118.14 -m copy -a "src=/root/bigfile dest=/tmp"
192.168.118.14 | SUCCESS => {
......
}
file模块
目的:更改指定节点上文件的权限、属主和属组
[[email protected] ~]# ansible 192.168.118.14 -m file -a "dest=/tmp/bigfile mode=777 owner=root group=root"
192.168.118.14 | SUCCESS => {
......
}script模块
目的:通过在对方主机执行本机上脚本文件,并将信息返回到本机
[[email protected] /app]# ansible test -m script -a "/app/f.sh"
192.168.10.101 | SUCCESS => {
......
}cron模块
目的:在指定节点上定义一个计划任务,每三分钟执行一次。
[[email protected] ~]# ansible all -m cron -a ‘name="Cron job" minute=*/3 hour=* day=* month=* weekday=* job="/usr/bin/ntpdate tiger.sina.com.cn"‘
192.168.118.14 | SUCCESS => {
......
} fetch模块
目的 :从客户端取文件至服务器端,copy相反,目录可先tar
[[email protected] /app]# ansible test -m fetch -a "src=/app/f.sh dest=/app/"
192.168.10.101 | SUCCESS => {
......
}
192.168.10.2 | SUCCESS => {
......
}
[[email protected] /app]# ls
192.168.10.101 192.168.10.2
可以看出在本机dest下生成两个目录分别存放所拉取得文件group模块
目的:在远程节点上创建一个组名为ansible,gid为2016的组
[[email protected] ~]# ansible 192.168.118.14 -m group -a "name=ansible gid=2016"
192.168.118.14 | SUCCESS => {
......
}user模块
目的:在指定节点上创建一个用户名为ansible,组为ansible的用户
[[email protected] ~]# ansible 192.168.118.14 -m user -a "name=ansible uid=2016 group=ansible state=present"
192.168.118.14 | SUCCESS => {
......
}
删除远端节点用户,注意:删除远程用户,但是不会删除该用户的家目录
[[email protected] ~]# ansible 192.168.118.14 -m user -a "name=ansible state=absent"
192.168.118.14 | SUCCESS => {
......
} yum 模块
目的:在远程节点安装vsftpd
[[email protected] ~]# ansible 192.168.118.14 -m yum -a ‘name=vsftpd state=present‘
192.168.118.14 | SUCCESS => {
......
}卸载写法:
[[email protected] ~]# ansible 192.168.118.14 -m yum -a ‘name=vsftpd state=removed‘
192.168.118.14 | SUCCESS => {
......
}service模块
启动
[[email protected] ~]# ansible 192.168.118.14 -m service -a ‘name=vsftpd state=started enabled=yes‘
192.168.118.14 | SUCCESS => {
"changed": true,
"enabled": true,
"name": "vsftpd",
"state": "started"
}
停止
[[email protected] ~]# ansible 192.168.118.14 -m service -a ‘name=vsftpd state=stopped enabled=yes‘
192.168.118.14 | SUCCESS => {
"changed": true,
"enabled": true,
"name": "vsftpd",
"state": "stopped"
} ping模块
[[email protected] ~]# ansible 192.168.118.14 -m ping
192.168.118.14 | SUCCESS => {
"changed": false,
"ping": "pong"
}command模块
[[email protected] ~]# ansible 192.168.118.14 [-m command] -a ‘w‘ # -m command可以省略就表示使用命名模块
192.168.118.14 | SUCCESS | rc=0 >>
14:00:32 up 3:51, 2 users, load average: 0.00, 0.00, 0.00
USER TTY FROM [email protected] IDLE JCPU PCPU WHAT
root pts/0 192.168.118.69 18:09 3:29 0.12s 0.12s -bash
root pts/1 192.168.118.13 14:00 0.00s 0.04s 0.00s /bin/sh -c LANG注意: ansible srvs -m command -a ‘echo magedu |passwd --stdin wang’ 不成功
command模块不支持 $VARNAME < > | ; & 等,用shell模块实现
shell模块
[[email protected] ~]# ansible test -m shell -a "echo ‘$HOSTNAME‘"
192.168.10.101 | SUCCESS | rc=0 >>
centos7.5
192.168.10.2 | SUCCESS | rc=0 >>
centos7.5
[[email protected] ~]# ansible test -m shell -a ‘echo "$HOSTNAME"‘
192.168.10.101 | SUCCESS | rc=0 >>
server01
192.168.10.2 | SUCCESS | rc=0 >>
centos6.magedu.com注意:上面$HOSTNAME的单双引号的位置,单引号为强应用,双引号为弱引用。
raw模块
主要的用途是在command中添加管道符号
[[email protected] ~]# ansible 192.168.118.14 -m raw -a ‘hostname | tee‘
192.168.118.14 | SUCCESS | rc=0 >>
localhost.localdomain
get_url模块
目的:将http://192.168.118.14/1.png 下载到本地
[[email protected] ~]# ansible 192.168.118.14 -m get_url -a ‘url=http://192.168.118.14/1.png dest=/tmp‘
192.168.118.14 | SUCCESS => {
......
}
synchronize模块
目的:将主空方目录推送到指定节点/tmp目录下
[[email protected] ~]# ansible 192.168.118.14 -m synchronize -a ‘src=/root/test dest=/tmp/ compress=yes‘
192.168.118.14 | SUCCESS => {
......
}五、ansible playbooks
4.1 http安装:
- hosts: eb
vars:
http_port: 80
max_clients: 256
remote_user: root
tasks:
- name: ensure apache is at the latest version
yum: name=httpd state=latest
- name: ensure apache is running
service: name=httpd state=started
4.2 mysql安装
- hosts: 192.168.118.14
vars:
remote_user: root
max_clients: 256
mysql_name: "mysql-server"
tasks:
- name: ensure install mysql
yum: name="{{mysql_name}}" state=present
- name: ensure apache is running
service: name=mysqld state=started - handlers
用于当关注的资源发生变化时采取一定的操作.
“notify”这个action可用于在每个play的最后被触发,这样可以避免多次有改变发生时每次都执行指定的操作,取而代之,仅在所有的变化发生完成后一次性地执行指定操作。在notify中列出的操作称为handler,也即notify中调用handler中定义的操作。
1 - hosts: web 2 remote_user: root 3 tasks: 4 - name: install apache 5 yum: name=httpd 6 - name: install config 7 copy: src=/etc/httpd/conf/httpd.conf dest=/etc/httpd/conf/httpd.conf 8 notify: 9 - restart httpd # 这触发 restart httpd 动作 10 - name: start httpd 11 service: name=httpd state=started 12 handlers: 13 - name: restart httpd 14 service: name=httpd state=restarted注意:测试使用ansible2.1版本,每执行一次如上脚本,- name: start httpd都会执行一次,因此可以不用使用handlers
- 调用setup模块中的变量
1 - hosts: web 2 remote_user: root 3 tasks: 4 - name: copy file 5 copy: content="{{ansible_all_ipv4_addresses}}" dest=/tmp/a.txt - when 条件判断
1 - hosts: all 2 remote_user: root 3 vars: 4 - username: test 5 tasks: 6 - name: create {{ username }} user. 7 user: name={{ username }} 8 when: ansible_fqdn == "localhost.localdomain" # 当条件匹配到,才会创建test用户 - 使用with_items进行迭代
1 - hosts: web 2 remote_user: root 3 tasks: 4 - name: yum install packages 5 yum: name={{ item.name }} state=present 6 with_items: 7 - { name: ‘mysql-server‘ } 8 - { name: ‘vsftpd‘ } - template 使用
使用场景: 当多个服务修改的参数不一致时。
拷贝/etc/httpd/conf/httpd.conf到指定目录,修改Listen使用变量
Listen {{ http_port }}在ansible hosts中定义变量
14 [web]
15 192.168.2.12 http_port=8000剧本写法:
8 - name: install config
9 template: src=/root/temp/{{http_name}}.j2 dest=/etc/httpd/conf/httpd.conf # 使用template模块
[[email protected] ~]# cat httpd.yml
- hosts: all
remote_user: root
tasks:
- name: install http
yum: name=httpd state=present
- name: copy file
template: src=/root/httpd.j2 dest=/etc/httpd/conf/httpd.conf
notify:
- restart httpd
- name: restart httpd
service: name=httpd state=started
handlers:
- name: restart httpd
service: name=httpd state=restarted
[web]
192.168.118.14 ansible_ssh_user=root ansible_ssh_pass=123456 ansible_ssh_port=22 http_port=8888 maxClients=50
[myhost]
192.168.118.49 ansible_ssh_user=root ansible_ssh_pass=123456 ansible_ssh_port=22 http_port=9999 maxClients=100- tag的使用
使用场景:当一个playbook只需要执行某一个步骤的时候定义
剧本写法
9 template: src=/root/temp/{{http_name}}.j2 dest=/etc/httpd/conf/httpd.conf
10 tags:
11 - conf- roles的用法:
mkdir -pv ansible_playbooks/roles/web/{templates,files,vars,tasks,meta,handlers} cp -a /etc/httpd/conf/httpd.conf files/ vim tasks/main.yml 1 - name: install httpd 2 yum: name=httpd 3 - name: install configuration file 4 copy: src=httpd.conf dest=/etc/httpd/conf/httpd.conf 5 tags: 6 - conf 7 notify: 8 - restart httpd 9 - name: start httpd 10 service: name=httpd state=started vim handlers/main.yml 1 - name: restart httpd 2 service: name=httpd state=restarted[[email protected] ansible_playbooks]# ls
roles site.yml
[[email protected] ansible_playbooks]# vim site.yml
1 - hosts: web
2 remote_user: root
3 roles:
4 - web
[[email protected] ansible_playbooks]ansible-playbook site.yml
原文地址:http://blog.51cto.com/11637832/2156928
时间: 2024-08-19 18:46:38