项目背景:
实验环境:
软件介绍
Ansible是一种集成IT系统的配置管理、应用部署、执行特定任务的开源平台,它是基于python语言,由Paramiko和PyYAML两个关键模块构建。集合了众多运维工具(puppet、cfengine、chef、func、fabric)的优点,实现了批量系统配置、批量程序部署、批量运行命令等功能。ansible是基于模块工作的,本身没有批量部署的能力。真正具有批量部署的是ansible所运行的模块,ansible只是提供一种框架。
ansible软件的一些特性:
(1)、连接插件connection plugins:负责和被监控端实现通信;
(2)、host inventory:指定操作的主机,是一个配置文件里面定义监控的主机;
(3)、各种模块核心模块、command模块、自定义模块;
(4)、借助于插件完成记录日志邮件等功能;
(5)、playbook:剧本执行多个任务时,非必需可以让节点一次性运行多个任务。
ansible特点:
部署简单,只需要在主控端部署Ansible环境,被控端不用做任何操作。#这个特点我就爱死了!!
(1)、no agents:不需要在被管控主机上安装任何客户端;
(2)、no server:无服务器端,使用时直接运行命令即可;
(3)、modules in any languages:基于模块工作,可使用任意语言开发模块;
(4)、yaml,not code:使用yaml语言定制剧本playbook;
(5)、ssh by default:基于SSH工作; #SSH2
(6)、strong multi-tier solution:可实现多级指挥。
软件的常用命令:
实验流程 :
一、
epel源配置:
http://www.centoscn.com/CentOS/config/2014/0920/3793.html
一个很好的线上文档。(如果有问题的话,可以在下面留言,我看到的话会回复。)
二、ansible软件安装
yum安装:
1、软件安装
[[email protected]_server01 ~]# yum install ansible -y
2、查看已安装的ansible软件
[[email protected]_server01 ~]# rpm -q ansible
ansible-1.9.4-1.el6.noarch
可以看到安装成功了!
3、查看软件的使用:
[[email protected]_server01 ~]# ansible #我们直接在命令行里输入ansible,回车。
Usage: ansible <host-pattern> [options]
Options:
-a MODULE_ARGS, --args=MODULE_ARGS
module arguments
--ask-become-pass ask for privilege escalation password
-k, --ask-pass ask for SSH password
--ask-su-pass ask for su password (deprecated, use become)
-K, --ask-sudo-pass ask for sudo password (deprecated, use become)
--ask-vault-pass ask for vault password
-B SECONDS, --background=SECONDS
run asynchronously, failing after X seconds
(default=N/A)
-b, --become run operations with become (nopasswd implied)
--become-method=BECOME_METHOD
privilege escalation method to use (default=sudo),
valid choices: [ sudo | su | pbrun | pfexec | runas ]
--become-user=BECOME_USER
run operations as this user (default=None)
-C, --check don‘t make any changes; instead, try to predict some
of the changes that may occur
-c CONNECTION, --connection=CONNECTION
connection type to use (default=smart)
-e EXTRA_VARS, --extra-vars=EXTRA_VARS
set additional variables as key=value or YAML/JSON
-f FORKS, --forks=FORKS
specify number of parallel processes to use
(default=5)
-h, --help show this help message and exit
-i INVENTORY, --inventory-file=INVENTORY
specify inventory host file
(default=/etc/ansible/hosts)
-l SUBSET, --limit=SUBSET
further limit selected hosts to an additional pattern
--list-hosts outputs a list of matching hosts; does not execute
anything else
-m MODULE_NAME, --module-name=MODULE_NAME
module name to execute (default=command)
-M MODULE_PATH, --module-path=MODULE_PATH
specify path(s) to module library (default=None)
-o, --one-line condense output
-P POLL_INTERVAL, --poll=POLL_INTERVAL
set the poll interval if using -B (default=15)
--private-key=PRIVATE_KEY_FILE
use this file to authenticate the connection
-S, --su run operations with su (deprecated, use become)
-R SU_USER, --su-user=SU_USER
run operations with su as this user (default=root)
(deprecated, use become)
-s, --sudo run operations with sudo (nopasswd) (deprecated, use
become)
-U SUDO_USER, --sudo-user=SUDO_USER
desired sudo user (default=root) (deprecated, use
become)
-T TIMEOUT, --timeout=TIMEOUT
override the SSH timeout in seconds (default=10)
-t TREE, --tree=TREE log output to this directory
-u REMOTE_USER, --user=REMOTE_USER
connect as this user (default=root)
--vault-password-file=VAULT_PASSWORD_FILE
vault password file
-v, --verbose verbose mode (-vvv for more, -vvvv to enable
connection debugging)
--version show program‘s version number and exit
可以看到会有大量的输出,我们就是根据自己的需求灵活应用上面的命令。
三、对/etc/ansible/hosts 进行修改,用来符合我们的需求。
[[email protected]_server01 ~]# cat /etc/ansible/hosts
# This is the default ansible ‘hosts‘ file.
#
# It should live in /etc/ansible/hosts
#
# - Comments begin with the ‘#‘ character
# - Blank lines are ignored
# - Groups of hosts are delimited by [header] elements
# - You can enter hostnames or ip addresses
# - A hostname/ip can be a member of multiple groups
# Ex 1: Ungrouped hosts, specify before any group headers.
#这里用户或者域名!!!!
ansible.client.com
192.168.0.21
#green.example.com
#blue.example.com
#192.168.100.1
#192.168.100.10
# Ex 2: A collection of hosts belonging to the ‘webservers‘ group
#这里定义用户组,用户可以写主机名,或者主机ip,定义到组里的就是一个整体了。
[webservers]
ansible.client.com
192.168.0.21
#alpha.example.org
#beta.example.org
#192.168.1.100
#192.168.1.110
# If you have multiple hosts following a pattern you can specify
# them like this:
#www[001:006].example.com #定义有规律的一段主机
# Ex 3: A collection of database servers in the ‘dbservers‘ group
#这里也是定义用户组,我们操作的时候直接对用户组名操作
[dbservers]
ansible.client.com
192.168.0.21
#db01.intranet.mydomain.net
#db02.intranet.mydomain.net
#10.25.1.56
#10.25.1.57
# Here‘s another example of host ranges, this time there are no
# leading 0s:
#db-[99:101]-node.example.com #定义有规律的一段主机
四、查看ansible的模块列表
因为ansible是模块化的,所以你如果想用好它,那么肯定得会查吧
1、获取模块列表!
[[email protected]_server01 ~]# ansible-doc -l
less 436
Copyright (C) 1984-2009 Mark Nudelman
less comes with NO WARRANTY, to the extent permitted by law.
For information about the terms of redistribution,
see the file named README in the less distribution.
Homepage: http://www.greenwoodsoftware.com/less
a10_server Manage A10 Networks AX/SoftAX/Thunder/vThunder devices
a10_service_group Manage A10 Networks AX/SoftAX/Thunder/vThunder devices
a10_virtual_server Manage A10 Networks AX/SoftAX/Thunder/vThunder devices
acl Sets and retrieves file ACL information.
add_host add a host (and alternatively a group) to the ansible-playbook in-memory inve...
airbrake_deployment Notify airbrake about app deployments
alternatives Manages alternative programs for common commands
apache2_module enables/disables a module of the Apache2 webserver
apt Manages apt-packages
apt_key Add or remove an apt key
apt_repository Add and remove APT repositories
apt_rpm apt_rpm package manager
assemble Assembles a configuration file from fragments
assert Fail with custom message
at Schedule the execution of a command or script file via the at command.
authorized_key Adds or removes an SSH authorized key
azure create or terminate a virtual machine in azure
bigip_facts Collect facts from F5 BIG-IP devices
bigip_monitor_http Manages F5 BIG-IP LTM http monitors
bigip_monitor_tcp Manages F5 BIG-IP LTM tcp monitors
: #你回车的话会一直展示
2、获取制定模块的使用信息
[[email protected]_server01 ~]# ansible-doc -s acl
less 436
Copyright (C) 1984-2009 Mark Nudelman
less comes with NO WARRANTY, to the extent permitted by law.
For information about the terms of redistribution,
see the file named README in the less distribution.
Homepage: http://www.greenwoodsoftware.com/less
- name: S e t s a n d r e t r i e v e s f i l e A C L i n f o r m a t i o n .
action: acl
default # if the target is a directory, setting this to yes will make it the default acl f
entity # actual user or group that the ACL applies to when matching entity types user or
entry # DEPRECATED. The acl to set or remove. This must always be quoted in the form of
etype # the entity type of the ACL to apply, see setfacl documentation for more info.
follow # whether to follow symlinks on the path if a symlink is encountered.
name= # The full path of the file or object.
permissions # Permissions to apply/remove can be any combination of r, w and x (read, write a
state # defines whether the ACL should be present or not. The `query‘ state gets the cu
如果我们想知道如何使用某一个模块的话我们可以这样查看。
四、设置ssh免密码登录
http://9399369.blog.51cto.com/9389369/1750915
《配置ssh的双机信任》这篇博文是我前段时间写的,你可以参考一下。
项目总结: