ansible基础—安装与常用模块
ansible介绍:ansible是一个基于python开发的轻量级自动化运维管理工具,可以用来批量执行命令,安装程序,支持playbook编排。它通过ssh协议来连接主机,省去了在每一台主机安装客户端的麻烦,相对比puppet和saltstack,显得更为简单和轻量。
ansible命令参数:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
Usage: ansible <host-pattern>
Options:
-a MODULE_ARGS, --args=MODULE_ARGS 模块的参数
module arguments
--ask-vault-pass ask for vault password
-B SECONDS, --background=SECONDS 异步运行,在X秒后失效
run asynchronously, failing after X seconds
(default=N/A)
-C, --check don't make any changes; instead, try to predict some 测试运行后改变的内容,不会执行
of the changes that may occur
-D, --diff when changing (small) files and templates, show the 在更改文件时,可以显示文件的不同
differences in those files; works great with --check
-e EXTRA_VARS, --extra-vars=EXTRA_VARS
set additional variables as key=value or YAML/JSON
-f FORKS, --forks=FORKS
specify number of parallel processes to use
(default=5)
-h, --help show this help message and exit
-i INVENTORY, --inventory-file=INVENTORY 指定hosts文件路径,默认为/etc/ansible/hosts
specify inventory host path
(default=/etc/ansible/hosts) or comma separated host
list.
-l SUBSET, --limit=SUBSET 指定pattern,对已经匹配的主机再过滤一次
further limit selected hosts to an additional pattern
--list-hosts outputs a list of matching hosts; does not execute 打印匹配的主机,不执行命令
anything else
-m MODULE_NAME, --module-name=MODULE_NAME 要执行的模块名字,默认模块为command
module name to execute (default=command)
-M MODULE_PATH, --module-path=MODULE_PATH 要执行的模块路径,默认为/usr/share/ansible
specify path(s) to module library (default=None)
--new-vault-password-file=NEW_VAULT_PASSWORD_FILE
new vault password file for rekey
-o, --one-line condense output 压缩输出
--output=OUTPUT_FILEoutput file name for encrypt or decrypt; use - for
stdout
-P POLL_INTERVAL, --poll=POLL_INTERVAL
set the poll interval if using -B (default=15)
--syntax-check perform a syntax check on the playbook, but do not 对playbook进行语法检测,不执行该playbook
execute it
-t TREE, --tree=TREElog output to this directory 把日志输出到该目录
--vault-password-file=VAULT_PASSWORD_FILE
vault password file
-v, --verbose verbose mode (-vvv for more, -vvvv to enable
connection debugging)
--version show program's version number and exit
Connection Options:
control as whom and how to connect to hosts
-k, --ask-pass ask for connection password 当使用密码验证登录的时候,提示输入ssh登录密码
--private-key=PRIVATE_KEY_FILE, --key-file=PRIVATE_KEY_FILE 私钥路径
use this file to authenticate the connection
-u REMOTE_USER, --user=REMOTE_USER ssh连接的用户名,默认root
connect as this user (default=None)
-c CONNECTION, --connection=CONNECTION
connection type to use (default=smart)
-T TIMEOUT, --timeout=TIMEOUT ssh连接超时时间,默认10秒
override the connection timeout in seconds
(default=10)
--ssh-common-args=SSH_COMMON_ARGS
specify common arguments to pass to sftp/scp/ssh (e.g.
ProxyCommand)
--sftp-extra-args=SFTP_EXTRA_ARGS
specify extra arguments to pass to sftp only (e.g. -f,
-l)
--scp-extra-args=SCP_EXTRA_ARGS
specify extra arguments to pass to scp only (e.g. -l)
--ssh-extra-args=SSH_EXTRA_ARGS
specify extra arguments to pass to ssh only (e.g. -R)
Privilege Escalation Options:
control how and which user you become as on target hosts
-s, --sudo run operations with sudo (nopasswd) (deprecated, usesudo运行
become)
-U SUDO_USER, --sudo-user=SUDO_USER sudo到哪个用户,默认为root
desired sudo user (default=root) (deprecated, use
become)
-S, --su run operations with su (deprecated, use become)
-R SU_USER, --su-user=SU_USER
run operations with su as this user (default=root)
(deprecated, use become)
-b, --become run operations with become (does not imply password
prompting)
--become-method=BECOME_METHOD
privilege escalation method to use (default=sudo),
valid choices: [ sudo | su | pbrun | pfexec | doas |
dzdo | ksu ]
--become-user=BECOME_USER
run operations as this user (default=root)
--ask-sudo-pass ask for sudo password (deprecated, use become)
--ask-su-pass ask for su password (deprecated, use become)
-K, --ask-become-pass
部署:
ansible环境:
控制端:192.168.52.128
节点:192.168.52.128
192.168.52.135
ansible安装:
1
# yum -y install ansible
ansible管理端ssh免认证登陆主机:
1
2
3
# ssh-keygen
# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.52.135
# ssh-copy-id -i ~/.ssh/id_rsa.pub root@192.168.52.135
配置Inventory主机清单:
1
2
3
4
# vim /etc/ansible/hosts
192.168.52.128
192.168.52.135
尝试ping模块,测试客户端连通性:
1
2
3
4
5
6
7
8
9
# ansible all -m ping
192.168.52.135 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.52.128 | SUCCESS => {
"changed": false,
"ping": "pong"
}
ansible常用模块:
执行命令:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
shell和command:这两个模块都是运行命令的模块,区别是command模块不支持shell变量和管道。
# ansible all -m command -a "free -m"
192.168.52.135 | SUCCESS | rc=0 >>
total used free shared buffers cached
Mem: 1869 1481 388 1 190 572
-/+ buffers/cache: 718 1150
Swap: 4047 5 4042
192.168.52.128 | SUCCESS | rc=0 >>
total used free shared buffers cached
Mem: 1869 1771 98 0 153 472
-/+ buffers/cache: 1145 723
Swap: 4047 216 3831
# ansible all -m shell -a "free -m"
192.168.52.135 | SUCCESS | rc=0 >>
total used free shared buffers cached
Mem: 1869 1481 388 1 190 572
-/+ buffers/cache: 718 1151
Swap: 4047 5 4042
192.168.52.128 | SUCCESS | rc=0 >>
total used free shared buffers cached
Mem: 1869 1779 90 0 153 472
-/+ buffers/cache: 1153 716
Swap: 4047 216 3831
# ansible all -m command -a "free -m | grep Swap"
192.168.52.135 | SUCCESS | rc=0 >>
total used free shared buffers cached
Mem: 1869 1481 388 1 190 572
-/+ buffers/cache: 718 1151
Swap: 4047 5 4042
192.168.52.128 | SUCCESS | rc=0 >>
total used free shared buffers cached
Mem: 1869 1771 98 0 153 472
-/+ buffers/cache: 1145 724
Swap: 4047 216 3831
# ansible all -m shell -a "free -m | grep Swap"
192.168.52.135 | SUCCESS | rc=0 >>
Swap: 4047 5 4042
192.168.52.128 | SUCCESS | rc=0 >>
Swap: 4047 216 3831
可以看到在不使用管道的时候shell和command两个模块是没有分别的,但是使用了管道,可以看到command的管道是不生效的。
文件与目录操作:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
copy:拷贝文件。
把/root/test.txt文件拷贝到各服务器的/tmp/test.txt:
# ansible all -m copy -a "src=/root/test.txt dest=/tmp/test.txt"
192.168.52.135 | SUCCESS => {
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/tmp/test.txt",
"gid": 0,
"group": "root",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"mode": "0644",
"owner": "root",
"size": 0,
"src": "/root/.ansible/tmp/ansible-tmp-1480249794.2678375-25305071473517/source",
"state": "file",
"uid": 0
}
192.168.52.128 | SUCCESS => {
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/tmp/test.txt",
"gid": 0,
"group": "root",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"mode": "0644",
"owner": "root",
"size": 0,
"src": "/root/.ansible/tmp/ansible-tmp-1480249794.341813-178065622105186/source",
"state": "file",
"uid": 0
}
# ll /tmp/test.txt
-rw-r--r-- 1 root root 0 Nov 27 20:29 /tmp/test.txt、
# ll /tmp/test.txt
-rw-r--r-- 1 root root 0 Nov8 18:14 /tmp/test.txt
file:更改文件的用户及权限,创建或删除文件和目录。
修改所有服务器的/tmp/test.txt文件的权限为755:
# ansible all -m file -a "dest=/tmp/test.txt mode=755"
192.168.52.135 | SUCCESS => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/tmp/test.txt",
"size": 0,
"state": "file",
"uid": 0
}
192.168.52.128 | SUCCESS => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/tmp/test.txt",
"size": 0,
"state": "file",
"uid": 0
}
# ll /tmp/test.txt
-rwxr-xr-x 1 root root 0 Nov 27 20:29 /tmp/test.txt
# ll test.txt
-rwxr-xr-x 1 root root 0 Nov8 18:14 test.txt
创建/tmp/test目录:
# ansible testservers -m file -a "dest=/tmp/test mode=755 owner=root group=root state=directory"
192.168.52.135 | SUCCESS => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/tmp/test",
"size": 4096,
"state": "directory",
"uid": 0
}
192.168.52.128 | SUCCESS => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/tmp/test",
"size": 4096,
"state": "directory",
"uid": 0
}
删除/tmp/test目录:
# ansible testservers -m file -a "dest=/tmp/test state=absent"
192.168.52.135 | SUCCESS => {
"changed": true,
"path": "/tmp/test",
"state": "absent"
}
192.168.52.128 | SUCCESS => {
"changed": true,
"path": "/tmp/test",
"state": "absent"
}
删除/tmp/test.txt文件
# ansible testservers -m file -a "dest=/tmp/test.txt state=absent"
192.168.52.135 | SUCCESS => {
"changed": true,
"path": "/tmp/test.txt",
"state": "absent"
}
192.168.52.128 | SUCCESS => {
"changed": true,
"path": "/tmp/test.txt",
"state": "absent"
}
软件包管理:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
atp(ubuntu),yum(redhat):
安装一个软件包(links):
# ansible testservers -m yum -a "name=links state=present"
192.168.52.135 | SUCCESS => {
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror, refresh-packagekit, security\nSetting up Install Process\nLoading mirror speeds from cached hostfile\n * base: ftp.sjtu.edu.cn\n * epel: mirrors.tuna.tsinghua.edu.cn\n * extras: ftp.sjtu.edu.cn\n * rpmforge: mirrors.tuna.tsinghua.edu.cn\n * updates: ftp.sjtu.edu.cn\nResolving Dependencies\n--> Running transaction check\n---> Package links.x86_64 1:2.13-1.el6 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n links x86_64 1:2.13-1.el6 epel 2.8 M\n\nTransaction Summary\n================================================================================\nInstall 1 Package(s)\n\nTotal download size: 2.8 M\nInstalled size: 4.5 M\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\rInstalling : 1:links-2.13-1.el6.x86_64 1/1 \n\rVerifying: 1:links-2.13-1.el6.x86_64 1/1 \n\nInstalled:\nlinks.x86_64 1:2.13-1.el6 \n\nComplete!\n"
]
}
192.168.52.128 | SUCCESS => {
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror, refresh-packagekit, security\nSetting up Install Process\nLoading mirror speeds from cached hostfile\n * base: mirrors.zju.edu.cn\n * epel: mirror.pregi.net\n * extras: mirror.bit.edu.cn\n * rpmforge: miroir.univ-paris13.fr\n * updates: mirrors.zju.edu.cn\nResolving Dependencies\n--> Running transaction check\n---> Package links.x86_64 1:2.13-1.el6 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n links x86_64 1:2.13-1.el6 epel 2.8 M\n\nTransaction Summary\n================================================================================\nInstall 1 Package(s)\n\nTotal download size: 2.8 M\nInstalled size: 4.5 M\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\rInstalling : 1:links-2.13-1.el6.x86_64 1/1 \n\rVerifying: 1:links-2.13-1.el6.x86_64 1/1 \n\nInstalled:\nlinks.x86_64 1:2.13-1.el6 \n\nComplete!\n"
]
}
# ansible testservers -m yum -a "name=links state=present"
192.168.52.128 | SUCCESS => {
"changed": false,
"msg": "",
"rc": 0,
"results": [
"links-1:2.13-1.el6.x86_64 providing links is already installed"
]
}
192.168.52.135 | SUCCESS => {
"changed": false,
"msg": "",
"rc": 0,
"results": [
"links-1:2.13-1.el6.x86_64 providing links is already installed"
]
}
安装软件到最新版本
# ansible testservers -m yum -a "name=links state=latest"
192.168.52.135 | SUCCESS => {
"changed": false,
"msg": "",
"rc": 0,
"results": [
"All packages providing links are up to date",
""
]
}
192.168.52.128 | SUCCESS => {
"changed": false,
"msg": "",
"rc": 0,
"results": [
"All packages providing links are up to date",
""
]
}
删除一个软件包:
# ansible testservers -m yum -a "name=links state=absent"
192.168.52.135 | SUCCESS => {
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror, refresh-packagekit, security\nSetting up Remove Process\nResolving Dependencies\n--> Running transaction check\n---> Package links.x86_64 1:2.13-1.el6 will be erased\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nRemoving:\n links x86_64 1:2.13-1.el6 @epel 4.5 M\n\nTransaction Summary\n================================================================================\nRemove 1 Package(s)\n\nInstalled size: 4.5 M\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\rErasing : 1:links-2.13-1.el6.x86_64 1/1 \n\rVerifying: 1:links-2.13-1.el6.x86_64 1/1 \n\nRemoved:\nlinks.x86_64 1:2.13-1.el6 \n\nComplete!\n"
]
}
192.168.52.128 | SUCCESS => {
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror, refresh-packagekit, security\nSetting up Remove Process\nResolving Dependencies\n--> Running transaction check\n---> Package links.x86_64 1:2.13-1.el6 will be erased\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nRemoving:\n links x86_64 1:2.13-1.el6 @epel 4.5 M\n\nTransaction Summary\n================================================================================\nRemove 1 Package(s)\n\nInstalled size: 4.5 M\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\rErasing : 1:links-2.13-1.el6.x86_64 1/1 \n\rVerifying: 1:links-2.13-1.el6.x86_64 1/1 \n\nRemoved:\nlinks.x86_64 1:2.13-1.el6 \n\nComplete!\n"
]
}
# ansible testservers -m yum -a "name=links state=absent"
192.168.52.128 | SUCCESS => {
"changed": false,
"msg": "",
"rc": 0,
"results": [
"links is not installed"
]
}
192.168.52.135 | SUCCESS => {
"changed": false,
"msg": "",
"rc": 0,
"results": [
"links is not installed"
]
}
用户和用户组:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
user:创建,修改,删除用户。
创建cmh用户:
# ansible all -m user -a "name=cmh password=123456"
192.168.52.128 | SUCCESS => {
"append": false,
"changed": true,
"comment": "",
"group": 501,
"home": "/home/cmh",
"move_home": false,
"name": "cmh",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"uid": 501
}
192.168.52.135 | SUCCESS => {
"append": false,
"changed": true,
"comment": "",
"group": 501,
"home": "/home/cmh",
"move_home": false,
"name": "cmh",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"uid": 501
}
查看用户:
# id cmh
uid=501(cmh) gid=501(cmh) groups=501(cmh)
删除cmh用户:
# ansible all -m user -a "name=cmh state=absent"
192.168.52.128 | SUCCESS => {
"changed": true,
"force": false,
"name": "cmh",
"remove": false,
"state": "absent"
}
192.168.52.135 | SUCCESS => {
"changed": true,
"force": false,
"name": "cmh",
"remove": false,
"state": "absent"
}
# id cmh
id: cmh: No such user
服务管理:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
service:启动,重启,关闭系统服务。
关闭服务:
# ansible testservers -m service -a "name=nfs state=stopped"
192.168.52.135 | SUCCESS => {
"changed": true,
"name": "nfs",
"state": "stopped"
}
192.168.52.128 | SUCCESS => {
"changed": true,
"name": "nfs",
"state": "stopped"
}
开启服务:
# ansible testservers -m service -a "name=nfs state=started"
192.168.52.135 | SUCCESS => {
"changed": true,
"name": "nfs",
"state": "started"
}
192.168.52.128 | SUCCESS => {
"changed": true,
"name": "nfs",
"state": "started"
}
重启或者重新加载服务:
# ansible testservers -m service -a "name=nfs state=restarted"
# ansible testservers -m service -a "name=nfs state=reloaded"
收集系统信息:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
收集匹配主机的所有信息:
# ansible all -m setup
收集信息并以主机名为文件保存在指定目录中:
# ansible all -m setup --tree /tmp/facts
# tree /tmp/facts/
/tmp/facts/
├── 192.168.52.128
└── 192.168.52.135
0 directories, 2 files
过滤信息:(收集内存相关)
# ansible all -m setup -a 'filter=ansible_*_mb'
192.168.52.135 | SUCCESS => {
"ansible_facts": {
"ansible_memfree_mb": 355,
"ansible_memory_mb": {
"nocache": {
"free": 1140,
"used": 729
},
"real": {
"free": 355,
"total": 1869,
"used": 1514
},
"swap": {
"cached": 2,
"free": 4035,
"total": 4047,
"used": 12
}
},
"ansible_memtotal_mb": 1869,
"ansible_swapfree_mb": 4035,
"ansible_swaptotal_mb": 4047
},
"changed": false
}
192.168.52.128 | SUCCESS => {
"ansible_facts": {
"ansible_memfree_mb": 219,
"ansible_memory_mb": {
"nocache": {
"free": 727,
"used": 1142
},
"real": {
"free": 219,
"total": 1869,
"used": 1650
},
"swap": {
"cached": 13,
"free": 3829,
"total": 4047,
"used": 218
}
},
"ansible_memtotal_mb": 1869,
"ansible_swapfree_mb": 3829,
"ansible_swaptotal_mb": 4047
},
"changed": false
}
后记:
这里只是列举了一些ansible最基础的用法,就是入个门,之后会研究一下playbooks的使用,以及怎么利用playbooks的role功能安装一整套服务。
页:
[1]