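Introduction to Ansible
Ansible is a relatively new automation tool for operations, written in Python. It combines the strengths of many operations tools (puppet, cfengine, chef, func, fabric) and provides batch system configuration, batch program deployment, batch command execution and similar functions. Ansible works through modules and has no batch deployment capability of its own: the modules that Ansible runs do the actual batch deployment, and Ansible only provides the framework. Its main components are:
(1) Connection plugins: handle communication with the monitored hosts;
(2) Host inventory: specifies the hosts to operate on; it is a configuration file that defines the monitored hosts;
(3) Modules: core modules, the command module, and custom modules;
(4) Plugins that provide functions such as logging and email;
(5) Playbooks: not required; when several tasks are to be executed, a playbook lets the nodes run them all in one go.
Installing the latest release via Apt (Ubuntu)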
[email protected]:~# apt-add-repository ppa:ansible/ansible
Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy. Avoid writing scripts or custom code to deploy and update your applications— automate in a language that approaches plain English, using SSH, with no agents to install on remote systems.
http://ansible.com/
More info: https://launchpad.net/~ansible/+archive/ubuntu/ansible
Press [ENTER] to continue or ctrl-c to cancel adding it
gpg: keyring `/tmp/tmpi636boen/secring.gpg' created
gpg: keyring `/tmp/tmpi636boen/pubring.gpg' created
gpg: requesting key 7BB9C367 from hkp server keyserver.ubuntu.com
gpg: /tmp/tmpi636boen/trustdb.gpg: trustdb created
gpg: key 7BB9C367: public key "Launchpad PPA for Ansible, Inc." imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
OK
[email protected]:~# apt-get update -y
[email protected]:~# apt-get install ansible -y
Configuring passwordless access
[email protected]:/etc/ansible# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:rSrNWrBMLzr7gUUqVZZUQU+bUYiVVoqev37/r3Xfmck [email protected]
The key's randomart image is:
+---[RSA 2048]----+
| .+++++=o |
| o. .++= |
| . . ..= |
| . o . . . |
|. . + o S . |
| . = + . . |
| . =oo o o|
| ...+o. .. ..B|
| o+oo..o. ...oE+|
+----[SHA256]-----+
[email protected]:/etc/ansible# ssh-copy-id 192.168.13.143
[email protected]:/etc/ansible# ssh-copy-id 192.168.13.144
[email protected]:~# vim /etc/ansible/hosts
192.168.13.143
192.168.13.144
[openstack] # host group: openstack
192.168.13.30
192.168.13.33
192.168.13.45
Simple test 1
[email protected]:~# ansible all -m ping
192.168.13.143 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.13.144 | SUCCESS => {
"changed": false,
"ping": "pong"
}
Simple test 2
[email protected]:~# ansible all -m command -a 'uptime'
192.168.13.144 | SUCCESS | rc=0 >>
07:39:00 up 6:02, 2 users, load average: 0.00, 0.00, 0.00
192.168.13.143 | SUCCESS | rc=0 >>
07:39:00 up 5:58, 2 users, load average: 0.06, 0.03, 0.01
[email protected]:~# ansible openstack -m command -a 'uptime'
192.168.13.33 | SUCCESS | rc=0 >>
15:43:18 up 4 days, 1:38, 1 user, load average: 0.30, 0.26, 0.30
192.168.13.45 | SUCCESS | rc=0 >>
15:43:27 up 13 days, 1:08, 1 user, load average: 0.12, 0.08, 0.08
192.168.13.30 | SUCCESS | rc=0 >>
15:43:27 up 26 days, 1:39, 2 users, load average: 10.40, 10.49, 10.24
[email protected]:~#
Introduction to common modules
1. setup: view basic information about the remote hosts
[email protected]:~# ansible openstack -m setup |more
2. ping: test the running state of the remote hosts
[email protected]:~# ansible openstack -m ping
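3. file: set the attributes of a file
The file options are:
force: forces creation of the symlink in two cases: when the source file does not exist yet but will be created later, or when the destination symlink already exists and the old link must be removed before the new one is created. Two values: yes|no
group: the group that owns the file/directory
mode: the permissions of the file/directory
owner: the user that owns the file/directory
path: required; the path of the file/directory
recurse: set the attributes recursively; only valid for directories
src: path of the source file to link to; only applies when state=link
dest: path at which the link is created; only applies when state=link
state:
  directory: create the directory if it does not exist
  file: the file is not created even if it does not exist
  link: create a symbolic link
  hard: create a hard link
  touch: create a new file if it does not exist; if the file or directory already exists, update its last-modified time
  absent: delete the directory or file, or unlink the link
[email protected]:# ansible openstack -m file -a 'src=/etc/resolv.conf dest=/home/resolv.conf state=link'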
192.168.13.33 | SUCCESS => {
"changed": true,
"dest": "/home/resolv.conf",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 16,
"src": "/etc/resolv.conf",
"state": "link",
"uid": 0
}
Check the result: -m command runs a command on the remote hosts
[email protected]:~# ansible openstack -m command -a 'ls /home'
192.168.13.33 | SUCCESS | rc=0 >>
andy
resolv.conf
[email protected]:~# ansible openstack -m file -a 'path=/home/resolv.conf state=absent'
192.168.13.45 | SUCCESS => {
"changed": true,
"path": "/home/resolv.conf",
"state": "absent"
}
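4. copy: copy files to the remote hosts
The relevant options are:
backup: back up the original file before overwriting it; the backup file name includes a timestamp. Two values: yes|no
content: used instead of "src"; sets the content of the target file directly
dest: required. The absolute path on the remote host to copy the source file to; if the source is a directory, this path must also be a directory
directory_mode: set directory permissions recursively; defaults to the system default permissions
force: when the file already exists on the target host but its content differs, yes forces an overwrite, and no copies only if the file does not exist at the destination. Default: yes
others: all options of the file module can be used here
src: the local file to copy to the remote host; may be an absolute or a relative path. If the path is a directory, it is copied recursively. In that case, if the path ends with "/", only the contents of the directory are copied; if it does not end with "/", the directory itself and everything in it is copied, similar to rsync.
[email protected]:~# ansible openstack -m copy -a 'src=/root/aa.txt dest=/tmp'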
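5. command: run a command on the remote hosts
The relevant options are:
creates: a file name; if that file exists, the command is not run
free_form: the Linux command to run
chdir: change to this directory before running the command
removes: a file name; if that file does not exist, the command is not run
executable: switch the shell used to run the command; the path must be an absolute path
[email protected]:~# ansible openstack -m command -a 'uptime'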
192.168.13.30 | SUCCESS | rc=0 >>
16:11:43 up 27 days, 2:08, 3 users, load average: 7.11, 7.81, 8.92
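6. shell: run the given command through a shell; takes the same parameters as command
Unlike command, this module supports command pipes; one other module also has this capability: raw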
[email protected]:~# vim data.sh
[email protected]:~# date +%F_%H:%M:%S
2016-08-24_08:16:50
[email protected]:~# chmod +x data.sh
[email protected]:~# ansible openstack -m copy -a 'src=/root/data.sh dest=/tmp owner=root group=root mode=0755'
192.168.13.30 | SUCCESS => {
"changed": true,
"checksum": "a0c5ebf2b8c213d26a864ff89b381afc2b1eb901",
"dest": "/tmp/data.sh",
"gid": 0,
"group": "root",
"md5sum": "159569349be4db486945c106d187ea4a",
"mode": "0755",
"owner": "root",
"size": 30,
"src": "/root/.ansible/tmp/ansible-tmp-1472026735.85-123460492539355/source",
"state": "file",
"uid": 0
}
[email protected]:~# ansible openstack -m command -a 'ls -l /tmp/data.sh'
192.168.13.30 | SUCCESS | rc=0 >>
-rwxr-xr-x 1 root root 30 Aug 24 16:18 /tmp/data.sh
[email protected]:~# ansible openstack -m shell -a '/tmp/data.sh'
192.168.13.30 | SUCCESS | rc=0 >>
2016-08-24_16:20:00
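The ad-hoc file, copy, command and shell calls shown above, collected into one playbook for the openstack group; this is an added example, not part of the original post, and the file name modules-demo.yml, the task names and the cut filter are assumptions. The command module executes the program directly without a shell, so pipes and other shell metacharacters in its arguments are not interpreted, which is why shell is used only for the one task that needs a pipe.

```yaml
# Added example (not from the original post).
# Assumed file name: modules-demo.yml; run with: ansible-playbook modules-demo.yml
- hosts: openstack              # host group defined in /etc/ansible/hosts
  tasks:
    - name: Copy the script with explicit owner, group and mode
      copy:
        src: /root/data.sh
        dest: /tmp/data.sh
        owner: root
        group: root
        mode: "0755"            # quoted so YAML does not read it as an integer
        backup: yes             # keep a timestamped copy if an older file is overwritten

    - name: Create the symlink /home/resolv.conf -> /etc/resolv.conf
      file:
        src: /etc/resolv.conf
        dest: /home/resolv.conf
        state: link

    - name: command runs the program directly, no shell involved
      command: ls -l /tmp/data.sh
      register: listing
      changed_when: false       # read-only task, do not report a change

    - name: shell is used here only because of the pipe
      shell: /tmp/data.sh | cut -d_ -f1   # assumed filter: keep the date part
      register: stamp
      changed_when: false

    - name: Show both results
      debug:
        msg: "{{ listing.stdout }} / script date: {{ stamp.stdout }}"

    - name: Remove the symlink again
      file:
        path: /home/resolv.conf
        state: absent
```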
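7. Other modules
Other commonly used modules, such as service, cron, yum and synchronize, are not covered one by one here; you can test them in your own system environment.
service: system service management
cron: scheduled task management
yum: package installation and management with yum
synchronize: synchronize files using rsync
user: system user management
group: system group management
For more modules, see: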