ansible简介
?ansible是新出现的自动化运维工具,基于Python开发,集合了众多运维工具(puppet、cfengine、chef、func、fabric)的优点,实现了批量系统配置、批量程序部署、批量运行命令等功能。
?ansible是基于模块工作的,本身没有批量部署的能力。真正具有批量部署的是ansible所运行的模块,ansible只是提供一种框架。主要包括:
(1)、连接插件connection plugins:负责和被监控端实现通信;
(2)、host inventory:指定操作的主机,是一个配置文件里面定义监控的主机;
(3)、各种模块核心模块、command模块、自定义模块;
(4)、借助于插件完成记录日志邮件等功能;
(5)、playbook:剧本执行多个任务时,非必需可以让节点一次性运行多个任务。
ansible的架构
连接其他主机默认使用ssh协议
ansible core核心引擎:即ansible本身
host inventory主机清单:用来定义ansible所管理主机,默认是在ansible的hosts配置文件中定义被管理主机,同时也支持自定义动态主机清单和指定其他配置文件的位置
connect plugin连接插件:负责和被管理主机实现通信,除支持使用SSH连接被管理主机外,ansible还支持其他的连接方式,所有需要有连接插件将各个主机用连接插件连接到ansible
playbook剧本:用来集中定义ansible任务的配置文件,即将多个任务定义在一个剧本中由ansible自动执行,可以由控制主机针对多台被管理主机同时运行多个任务
core modules核心模块:是ansible自带的模块,使用这些模块将资源分发到被管理主机使其执行特定任务或匹配特定的状态
custom modules自定义模块:用于完成模块功能的补充,可借助相关插件完成记录日志,发送邮件等功能
实验环境
控制主机 192.168.13.128
被管理主机 192.168.13.129
被管理主机 192.168.13.130一,ansible的安装(在控制主机上)
1,安装ansible服务
[[email protected] ~]# systemctl stop firewalld.service ##关闭所有主机的防火墙
[[email protected] ~]# setenforce 0
[[email protected] ~]# yum install epel-release -y ##安装epel源
[[email protected] ~]# yum install ansible -y ##安装ansible服务
[[email protected] ~]# yum install tree -y
[[email protected] ~]# tree /etc/ansible/ ##查看ansible属性结构
/etc/ansible/
├── ansible.cfg ##配置文件
├── hosts ##主机清单
└── roles2,编辑hosts主机清单
[[email protected] ~]# vim /etc/ansible/hosts ##编辑ansible主机清单
[webserver]
192.168.13.129 ##web的主机地址
[mysql]
192.168.13.130 ##mysql的主机地址3,生成秘钥对,推送
[[email protected] ~]# ssh-keygen -t rsa ##生成秘钥对
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): ##回车
Created directory ‘/root/.ssh‘.
Enter passphrase (empty for no passphrase): ##输入密码
Enter same passphrase again: ##确认密码
[[email protected] ~]# ls .ssh/ ##查看秘钥
id_rsa id_rsa.pub
[[email protected] ~]# ssh-copy-id [email protected] ##上传秘钥到后面的服务器上
[[email protected] ~]# ssh-copy-id [email protected] 4,使用ansible命令行执行
[[email protected] ~]# ansible webserver -m command -a ‘date‘ ##使用ansible命令行模块执行date
Enter passphrase for key ‘/root/.ssh/id_rsa‘: ##输入秘钥密码
192.168.13.129 | CHANGED | rc=0 >>
2020年 01月 23日 星期三 23:57:16 CST
[[email protected] ~]# ansible mysql -m command -a ‘date‘
Enter passphrase for key ‘/root/.ssh/id_rsa‘:
192.168.13.130 | CHANGED | rc=0 >>
2020年 01月 23日 星期三 23:57:38 CST
[[email protected] ~]# ssh-agent bash ##免交互代理
[[email protected] ~]# ssh-add ##添加
Enter passphrase for /root/.ssh/id_rsa: ##输入秘钥
Identity added: /root/.ssh/id_rsa (/root/.ssh/id_rsa)
[[email protected] ~]# ansible webserver -m command -a ‘date‘ ##继续执行命令行模块实现免交互
192.168.13.129 | CHANGED | rc=0 >>
2020年 01月 23日 星期三 23:58:26 CST
[[email protected] ~]# ansible mysql -m command -a ‘date‘
192.168.13.130 | CHANGED | rc=0 >>
2020年 01月 23日 星期三 23:58:39 CST二,ansible模块管理
1,command命令行模块
[[email protected] ~]# ansible all -a ‘date‘
192.168.13.130 | CHANGED | rc=0 >>
2020年 01月 30日 星期四 00:17:02 CST
192.168.13.129 | CHANGED | rc=0 >>
2020年 01月 30日 星期四 00:17:02 CST
[[email protected] ~]# ansible all -a ‘ls /‘ ##查看后两台主机的根目录
##如果不加-m模块,则默认运行command模块all是所有主机2,cron计划性任务模块
[[email protected] ~]# ansible-doc -s cron ##查看cron模块信息
[[email protected] ~]# ansible webserver -m cron -a ‘minute="*/1" job="/usr/bin/echo haha" name="test haha"‘
##选择cron模块指定时间,工作内容,名称
192.168.13.129 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": [
"test haha"
]
}
[[email protected] ~]# ansible webserver -a ‘crontab -l‘ ##执行命令行查看计划性任务
192.168.13.129 | CHANGED | rc=0 >>
#Ansible: test haha
*/1 * * * * /usr/bin/echo haha
[[email protected] ~]# ansible webserver -m cron -a ‘name="test haha" state=absent‘ ##移除计划性任务
192.168.13.129 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": []
}3,user模块(请求的是useradd,userdel,usermod三个指令)
[[email protected] ~]# ansible-doc -s user ##查看user模块信息
[[email protected] ~]# ansible all -m user -a ‘name=test‘ ##给所有主机创建test用户
192.168.13.129 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 1001,
"home": "/home/test",
"name": "test",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1001
}
192.168.13.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 1001,
"home": "/home/test",
"name": "test",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1001
}
[[email protected] ~]# ansible webserver -m user -a ‘name=test state=absent‘
##删除webserver中test用户
192.168.13.129 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"force": false,
"name": "test",
"remove": false,
"state": "absent"
}4,group模块(请求的是groupadd,groupdel,groupmod三个指令)
[[email protected] ~]# ansible mysql -m group -a ‘name=mysql gid=306 system=yes‘
##创建mysql系统组
192.168.13.130 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"gid": 306,
"name": "mysql",
"state": "present",
"system": true
}
[[email protected] ~]# ansible mysql -a ‘tail -1 /etc/group‘ ##查看创建的情况
192.168.13.130 | CHANGED | rc=0 >>
mysql:x:306:
[[email protected] ~]# ansible mysql -m user -a ‘name=test02 uid=306 group=mysql system=yes‘
##创建系统用户test02并加入到mysql组中
192.168.13.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 306,
"home": "/home/test02",
"name": "test02",
"shell": "/bin/bash",
"state": "present",
"system": true,
"uid": 306
}
[[email protected] ~]# ansible mysql -a ‘id test02‘ ##查看系统用户test02的信息
192.168.13.130 | CHANGED | rc=0 >>
uid=306(test02) gid=306(mysql) 组=306(mysql)5,copy模块
[[email protected] ~]# ansible-doc -s copy ##copy模块的信息
[[email protected] ~]# ansible mysql -m copy -a ‘src=/etc/fstab dest=/opt/fstab.bak owner=root mode=644‘
##复制源到目标,属组和文件权限
192.168.13.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "0725780c6841b5cae04ba31a054b6090d701bc19",
"dest": "/opt/fstab.bak",
"gid": 0,
"group": "root",
"md5sum": "4a95e64f6c25098ca5e0613c5283e8f1",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:usr_t:s0",
"size": 595,
"src": "/root/.ansible/tmp/ansible-tmp-1580550278.09-89338211954459/source",
"state": "file",
"uid": 0
}
[[email protected] ~]# ansible mysql -a ‘ls -l /opt‘ ##查看是否复制成功
192.168.13.130 | CHANGED | rc=0 >>
总用量 4
-rw-r--r--. 1 root root 595 2月 1 17:44 fstab.bak
drwxr-xr-x. 2 root root 6 3月 26 2015 rh
[[email protected] ~]# ansible mysql -m copy -a ‘content="hello!" dest=/opt/test.txt‘
##用copy进行写入文件内容
192.168.13.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "8f7d88e901a5ad3a05d8cc0de93313fd76028f8c",
"dest": "/opt/test.txt",
"gid": 0,
"group": "root",
"md5sum": "5a8dd3ad0756a93ded72b823b19dd877",
"mode": "0644",
"owner": "root",
"secontext": "system_u:object_r:usr_t:s0",
"size": 6,
"src": "/root/.ansible/tmp/ansible-tmp-1580550521.27-190936730009060/source",
"state": "file",
"uid": 0
}
[[email protected] ~]# ansible mysql -a ‘cat /opt/test.txt‘ ##查看写入的文件内容
192.168.13.130 | CHANGED | rc=0 >>
hello!6,file模块(文件属性)
[[email protected] ~]# ansible mysql -m file -a ‘path=/opt/test.txt owner=test02 group=mysql mode=666‘
##指定文件的属主,属组,文件的权限
192.168.13.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"gid": 306,
"group": "mysql",
"mode": "0666",
"owner": "test02",
"path": "/opt/test.txt",
"secontext": "system_u:object_r:usr_t:s0",
"size": 6,
"state": "file",
"uid": 306
}
[[email protected] ~]# ansible mysql -a ‘ls -l /opt/test.txt‘ ##查看文件的属性
192.168.13.130 | CHANGED | rc=0 >>
-rw-rw-rw-. 1 test02 mysql 6 2月 1 17:48 /opt/test.txt
[[email protected] ~]# ansible mysql -m file -a ‘src=/opt/test.txt path=/opt/test.txt.link state=link‘
##创建链接性文件
192.168.13.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/opt/test.txt.link",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"secontext": "unconfined_u:object_r:usr_t:s0",
"size": 13,
"src": "/opt/test.txt",
"state": "link",
"uid": 0
}
[[email protected] ~]# ansible mysql -a ‘ls -l /opt/‘ ##查看文件的属性
192.168.13.130 | CHANGED | rc=0 >>
总用量 8
-rw-r--r--. 1 root root 595 2月 1 17:44 fstab.bak
drwxr-xr-x. 2 root root 6 3月 26 2015 rh
-rw-rw-rw-. 1 test02 mysql 6 2月 1 17:48 test.txt
lrwxrwxrwx. 1 root root 13 2月 1 17:55 test.txt.link -> /opt/test.txt
[[email protected] ~]# ansible mysql -m file -a ‘path=/opt/abc.txt state=touch‘ ##创建一个空文件
192.168.13.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"dest": "/opt/abc.txt",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:usr_t:s0",
"size": 0,
"state": "file",
"uid": 0
}
[[email protected] ~]# ansible mysql -a ‘ls -l /opt/‘ ##查看创建情况
192.168.13.130 | CHANGED | rc=0 >>
总用量 8
-rw-r--r--. 1 root root 0 2月 1 17:57 abc.txt
-rw-r--r--. 1 root root 595 2月 1 17:44 fstab.bak
drwxr-xr-x. 2 root root 6 3月 26 2015 rh
-rw-rw-rw-. 1 test02 mysql 6 2月 1 17:48 test.txt
lrwxrwxrwx. 1 root root 13 2月 1 17:55 test.txt.link -> /opt/test.txt
[[email protected] ~]# ansible mysql -m file -a ‘path=/opt/abc.txt state=absent‘ ##删除文件
192.168.13.130 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"path": "/opt/abc.txt",
"state": "absent"
}
[[email protected] ~]# ansible mysql -a ‘ls -l /opt/‘ ##查看文件的信息
192.168.13.130 | CHANGED | rc=0 >>
总用量 8
-rw-r--r--. 1 root root 595 2月 1 17:44 fstab.bak
drwxr-xr-x. 2 root root 6 3月 26 2015 rh
-rw-rw-rw-. 1 test02 mysql 6 2月 1 17:48 test.txt7,ping模块(测试被管理主机是否在线)
[[email protected] ~]# ansible all -m ping
192.168.13.130 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.13.129 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}8,yum模块
[[email protected] ~]# ansible-doc -s yum ##yum模块信息
[[email protected] ~]# ansible webserver -m yum -a ‘name=httpd‘ ##安装httpd服务
[[email protected] ~]# ansible webserver -m yum -a ‘name=httpd state=absent‘ ##移除服务9,service模块
[[email protected] ~]# ansible webserver -m service -a ‘name=httpd enabled=true state=started‘
##开启httpd服务
[[email protected] ~]# ansible webserver -a ‘systemctl status httpd‘ ##查看开启的情况10,shell模块
[[email protected] ~]# ansible webserver -m user -a ‘name=jerry‘ ##创建用户
[[email protected] ~]# ansible webserver -m shell -a ‘echo abc123 | passwd --stdin jerry‘ ##创建密码
192.168.13.129 | CHANGED | rc=0 >>
更改用户 jerry 的密码 。
passwd:所有的身份验证令牌已经成功更新。11,script模块(脚本模块)
[[email protected] ~]# cd /opt/
[[email protected] opt]# vim test.sh ##编辑脚本文件
#!/bin/bash
echo "this is test script" > /opt/script.txt
chmod 666 /opt/script.txt
[[email protected] opt]# chmod +x test.sh ##给执行权限
[[email protected] opt]# ansible all -m script -a ‘test.sh‘ ##执行脚本
[[email protected] opt]# ansible all -a ‘cat /opt/script.txt‘ ##查看执行情况
192.168.13.130 | CHANGED | rc=0 >>
this is test script
192.168.13.129 | CHANGED | rc=0 >>
this is test script12,setup模块(收集信息模块)
[[email protected] opt]# ansible mysql -m setup ##查看mysql主机的信息谢谢阅读!
原文地址:https://blog.51cto.com/14080162/2468776
时间: 2024-09-28 02:53:44