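Introduction
Ansible: Configuration, Command and Control; acquired by Red Hat.
What is it? An SSH-based configuration management, deployment, and task execution system.
Categories of operations tools:
    agent: management is carried out by a dedicated agent program: puppet, func, zabbix, ...
    agentless: management is carried out over the SSH service, so managed hosts can be controlled without installing any extra client: ansible, fabric, ...
Architecture:
    Ansible Core
    Modules: modules of all kinds
        Core Modules
        Custom Modules
    Host Inventory: the list of hosts to be managed
        Files
        CMDB
    PlayBooks: the "script" for the play
        Hosts
        roles
    Connection Plugins
Features:
    Modular: a specific module is called to carry out a specific task;
    Written in Python and built on three core libraries: Paramiko, PyYAML and Jinja2;
    Simple to deploy: agentless, no dedicated client is needed;
    Supports custom modules written in any programming language;
    A powerful playbook mechanism;
    Idempotent: a task can be run many times with the same result. For example, after creating a directory, running the task again does not fail.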
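Prerequisites
Four clean CentOS 7 systems (192.168.170.21, 192.168.170.22, 192.168.170.23, 192.168.170.24) with the yum repositories configured.
All four hosts can reach each other over SSH using key authentication.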
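Installation and program environment:
Install: yi ansible    (yi is shorthand for yum install)
Commands:
    ansible
    ansible-playbook
    ansible-doc
Configuration file: /etc/ansible/ansible.cfg
Host inventory: /etc/ansible/hosts
Plugin directory: /usr/share/ansible_plugins/
Getting started:
The ansible command:
    Help: ansible -h
    Usage: ansible <host-pattern> [options]
    Common options:
        -m MOD_NAME -a MOD_ARGS    # which module to call and which arguments to pass to it
Configuring the Host Inventory:
    /etc/ansible/hosts
    [group_id]
    HOST_PATTERN1
    HOST_PATTERN2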
Hands-on
Host: 192.168.170.21
    [root@localhost /etc/ansible]#cat hosts
    [websrvs]
    192.168.170.22
    192.168.170.23
    [dbsrvs]
    192.168.170.22
    192.168.170.24
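Common settings
Module help:
    List the available modules: ansible-doc -l
    Show the usage help for a given module: ansible-doc -s MOD_NAME
    Arguments usually take the "key=value" form; for example, the backup parameter in the help text is used as backup=xxx.
    If a parameter is shown with an equals sign, for example name=, it must be specified.
    If the comment describes an on/off choice, the value can be yes or no, for example: enabled # Whether the service should start on boot
Common options:
    -f FORKS, --forks=FORKS
        specify number of parallel processes to use (default=5)
        The number of hosts worked on concurrently
    -a MODULE_ARGS, --args=MODULE_ARGS
        module arguments
        The arguments for the chosen module
    -k, --ask-pass
        ask for connection password
        Needed when public-key authentication has not been set up, so a password must be entered
To suppress the host-key confirmation prompt when Ansible runs non-interactively or from a scheduled job (this turns off SSH host key checking for Ansible's connections):
    /etc/ansible/ansible.cfg
    [defaults]
    host_key_checking = False
If a host's SSH port is not the standard port 22, append the port number to the host name in the inventory file, separated by a colon:
    badwolf.example.com:5309
Variables are easy to assign to hosts; once defined they can be used in playbooks:
    [atlanta]
    host1 http_port=80 maxRequestsPerChild=808
    host2 http_port=303 maxRequestsPerChild=909
Variables can also be defined for a whole group:
    [atlanta]
    host1
    host2
    [atlanta:vars]
    ntp_server=ntp.atlanta.example.com
    proxy=proxy.atlanta.example.com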
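The inventory rules described above (group headers, host:port, per-host key=value variables and [group:vars]) can be checked with a small parser. This is an added example, not Ansible's own parser or code from the original page; parse_inventory, effective_vars and the ansible_port key used to record the port are choices of this sketch, and the sample text is constructed from the hosts shown above.

```python
import re
import shlex

# Constructed sample in the inventory format described above
# (hosts and variables reuse the values shown in this section).
SAMPLE_INVENTORY = """\
[websrvs]
192.168.170.22
badwolf.example.com:5309

[atlanta]
host1 http_port=80 maxRequestsPerChild=808
host2 http_port=303 maxRequestsPerChild=909

[atlanta:vars]
ntp_server=ntp.atlanta.example.com
proxy=proxy.atlanta.example.com
"""

def parse_inventory(text):
    """Simplified model: {group: {"hosts": {host: vars}, "vars": {...}}}."""
    groups = {"ungrouped": {"hosts": {}, "vars": {}}}
    current, in_vars = "ungrouped", False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[([^\]:]+)(?::(\w+))?\]", line)
        if header:
            current, kind = header.groups()
            if kind not in (None, "vars"):
                raise ValueError(f"section type not handled here: {line}")
            in_vars = kind == "vars"
            groups.setdefault(current, {"hosts": {}, "vars": {}})
        elif in_vars:                       # body of a [group:vars] section
            key, _, value = line.partition("=")
            groups[current]["vars"][key.strip()] = value.strip()
        else:                               # host line: name[:port] [key=value ...]
            name, *pairs = shlex.split(line)
            host_vars = dict(p.split("=", 1) for p in pairs)
            host, sep, port = name.rpartition(":")
            if sep and port.isdigit():      # non-standard SSH port after the colon
                name, host_vars["ansible_port"] = host, int(port)
            groups[current]["hosts"][name] = host_vars
    return groups

def effective_vars(groups, group, host):
    """Group variables first; host variables override them."""
    return {**groups[group]["vars"], **groups[group]["hosts"][host]}
```

effective_vars(parse_inventory(SAMPLE_INVENTORY), "atlanta", "host1") returns the two group variables merged with host1's own http_port and maxRequestsPerChild.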
Notes on some commonly used modules follow:
ping: checks whether the target hosts are alive;
Host: 192.168.170.21
    [root@localhost ~]#ansible all -m ping
    192.168.170.24 | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }
    192.168.170.22 | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }
    192.168.170.23 | SUCCESS => {
        "changed": false,
        "ping": "pong"
    }
command: runs a command on the remote hosts; because command is the default module it does not have to be named, so ansible websrvs -a "ifconfig" works as well
    [root@localhost ~]#ansible websrvs -m command -a "ifconfig"
    [root@localhost ~]#ansible all -m command -a "useradd centos"
    192.168.170.22 | SUCCESS | rc=0 >>
    192.168.170.24 | SUCCESS | rc=0 >>
    192.168.170.23 | SUCCESS | rc=0 >>
    [root@localhost ~]#ansible all -m command -a "id centos"
    192.168.170.24 | SUCCESS | rc=0 >>
    uid=1001(centos) gid=1001(centos) groups=1001(centos)
    192.168.170.22 | SUCCESS | rc=0 >>
    uid=1001(centos) gid=1001(centos) groups=1001(centos)
    192.168.170.23 | SUCCESS | rc=0 >>
    uid=1001(centos) gid=1001(centos) groups=1001(centos)
    [root@localhost ~]#ansible all -m command -a "echo 'andy' | passwd --stdin centos"
    # The run below is wrong: command does not interpret the pipe and simply prints it as text
    192.168.170.22 | SUCCESS | rc=0 >>
    andy | passwd --stdin centos
    192.168.170.24 | SUCCESS | rc=0 >>
    andy | passwd --stdin centos
    192.168.170.23 | SUCCESS | rc=0 >>
    andy | passwd --stdin centos
shell: runs the command through a shell interpreter on the remote hosts, so shell features such as pipes are supported
This feels like a universal command; everything that follows could be run with it!
Note: for the command and shell modules the core argument is the command itself, whereas the arguments of other modules usually take the "key=value" form;
    [root@localhost ~]#ansible all -m shell -a "echo 'andy' | passwd --stdin centos"
    # With shell, the pipe is interpreted as part of the command
    192.168.170.24 | SUCCESS | rc=0 >>
    Changing password for user centos.
    passwd: all authentication tokens updated successfully.
    192.168.170.22 | SUCCESS | rc=0 >>
    Changing password for user centos.
    passwd: all authentication tokens updated successfully.
    192.168.170.23 | SUCCESS | rc=0 >>
    Changing password for user centos.
    passwd: all authentication tokens updated successfully.
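Why command printed the pipe literally while shell executed it, modelled with Python's subprocess (an added example, not Ansible's code and not part of the original page). run_like_command and run_like_shell are hypothetical helpers, the tr pipeline stands in for passwd, and UNTRUSTED is a constructed value showing what the same difference means once a variable ends up in the command line.

```python
import shlex
import subprocess

def run_like_command(cmdline):
    """Model of the command module: split into argv and exec directly, no shell."""
    argv = shlex.split(cmdline)
    return subprocess.run(argv, capture_output=True, text=True).stdout.strip()

def run_like_shell(cmdline):
    """Model of the shell module: the whole string is handed to /bin/sh."""
    return subprocess.run(cmdline, shell=True, capture_output=True,
                          text=True).stdout.strip()

# Same shape as the passwd example above, with a harmless pipeline.
PIPE = "echo 'andy' | tr a-z A-Z"

# Constructed value standing in for a variable placed into the command line.
UNTRUSTED = "centos; echo EXTRA-COMMAND-RAN"

def demo():
    return {
        # "|" is just another argument to echo
        "command_pipe": run_like_command(PIPE),
        # the shell builds the pipeline
        "shell_pipe": run_like_shell(PIPE),
        # ";" stays inside echo's arguments
        "command_var": run_like_command("echo user=" + UNTRUSTED),
        # ";" ends the first command and a second one runs
        "shell_var": run_like_shell("echo user=" + UNTRUSTED),
        # quoting the value keeps it a single argument even under a shell
        "shell_var_quoted": run_like_shell("echo user=" + shlex.quote(UNTRUSTED)),
    }

if __name__ == "__main__":
    for name, output in demo().items():
        print(f"{name}: {output!r}")
```

Because the shell module interprets metacharacters, any value interpolated into its command line has to be quoted; the command module is the safer default when no shell features are needed.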
copy: Copies files to remote locations. # copies files from the Ansible host to the remote hosts
Option
    force: # the default is `yes', which will replace the remote file when contents are different than the source. If `no', the file will only be transferred if the destination does not exist.
Usage:
    (1) Copy a file
        -a "src= dest= "
    (2) Generate a file from the given content
        -a "content= dest= "
    Other parameters: mode, owner, group, ...; they set further attributes and usually take the "key=value" form
    [root@localhost ~]#ansible all -m copy -a "src=/etc/fstab dest=/tmp/fstab.ansible mode=000 owner=centos group=centos"
    192.168.170.24 | SUCCESS => {
        "changed": true,
        "checksum": "88be096e50ab9249f41edffae5e635ccfe5f881c",
        "dest": "/tmp/fstab.ansible",
        "gid": 1001,
        "group": "centos",
        "md5sum": "fb751617e38060cec3321763b25cdf89",
        "mode": "0000",
        "owner": "centos",
        "size": 595,
        "src": "/root/.ansible/tmp/ansible-tmp-1483248736.34-86151576449443/source",
        "state": "file",
        "uid": 1001
    }
    ...
Host: 192.168.170.24
    [root@localhost /tmp]#ll
    total 4
    ---------- 1 centos centos 595 Jan 1 13:32 fstab.ansible    # permissions, owner, group and location are all as requested
file: Sets attributes of files # sets file attributes
Usage:
    (1) Create a directory:
        -a "path= state=directory"
    (2) Create a link:
        -a "path= src= state=link"
    (3) Delete a file:
        -a "path= state=absent"
Host: 192.168.170.21
    [root@localhost ~]#ansible all -m file -a "path=/tmp/fstab.link src=/tmp/fstab.ansible state=link"    # create the link fstab.link pointing to fstab.ansible
Host: 192.168.170.24
    [root@localhost /tmp]#ll
    total 4
    ---------- 1 centos centos 595 Jan 1 13:32 fstab.ansible
    lrwxrwxrwx 1 root root 18 Jan 1 13:44 fstab.link -> /tmp/fstab.ansible
Host: 192.168.170.21
    [root@localhost ~]#ansible all -m file -a "path=/tmp/fstab.link state=absent"    # delete the link
    192.168.170.22 | SUCCESS => {
        "changed": true,
        # true here means the file really was changed and the command succeeded. If the command is run again, the result is
        # still SUCCESS but changed is false: the file was already absent, nothing was changed, and the command still succeeded
        "path": "/tmp/fstab.link",
        "state": "absent"
    }
Host: 192.168.170.24 shows that the link has been deleted
cron: Manage cron.d and crontab entries # manages scheduled tasks
    -a ""
        minute=
        hour=
        day=
        month=
        weekday=
        job=
        name=
        user=
        state={present|absent}
Host: 192.168.170.21
    [root@localhost ~]#ansible all -m cron -a "minute='*/5' job='/usr/sbin/ntpdate time1.aliyun.com &> /dev/null' name=sync_time"    # synchronise the time every 5 minutes and discard the output whether it succeeds or fails
Host: 192.168.170.24
    [root@localhost ~]#crontab -l
    #Ansible: sync_time    # this marker can be used later to delete the task
    */5 * * * * /usr/sbin/ntpdate time1.aliyun.com &> /dev/null
Host: 192.168.170.21
    [root@localhost ~]#ansible all -m cron -a "name='sync_time' state=absent"    # delete the task; only the scheduled task with this name is removed, other scheduled tasks are left alone
hostname: Manage hostname # sets the host name
    -a ""
        name=
Host: 192.168.170.21
    [root@localhost ~]#ansible all -m hostname -a "name=abc"
Host: 192.168.170.24
    [root@localhost ~]#hostname
    abc
yum: Manages packages with the `yum' package manager # manages packages; the yum repositories must already be configured
    -a ""
        (1) name= state={present|latest}
        (2) name= state=absent
Host: 192.168.170.21
    [root@localhost ~]#ansible all -m yum -a "name=httpd"    # install the httpd package
Host: 192.168.170.24
    [root@localhost ~]#rpm -q httpd
    httpd-2.4.6-40.el7.centos.x86_64
Host: 192.168.170.21
    [root@localhost ~]#ansible all -m yum -a "name=httpd state=absent"    # remove the httpd package
Host: 192.168.170.24
    [root@localhost ~]#rpm -q httpd
    package httpd is not installed
service: manage services # manages services
    -a ""
        name=
        state=
            started
            stopped
            restarted
        enabled=
        runlevel=
Host: 192.168.170.21
    [root@localhost ~]#ansible all -m service -a "name=httpd state=started enabled=yes"    # start the service and enable it at boot
Host: 192.168.170.24
    [root@localhost ~]#systemctl status httpd
    ● httpd.service - The Apache HTTP Server
       Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
       Active: active (running) since Sun 2017-01-01 16:01:20 CST; 1min 17s ago
    [root@localhost ~]#systemctl is-enabled httpd
    enabled
Groups and users
group: add or remove groups
    -a ""
        name=
        state=
        system=
        gid=
user: manage user account
    -a ""
        name=
        group=
        groups=
        comment=    # comment text
        uid=
        system=
        shell=
        expires=    # expiry time
        home=
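setup: Gathers facts about remote hosts # collects all kinds of information about the managed hosts, such as the number of CPUs; it may be needed later in playbooks.
    [root@localhost ~]#ansible 192.168.170.22 -m "setup"    # gather all facts about the target host
    A long list of attributes follows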
Reference: http://www.ansible.com.cn/