|
|
ansible 基本概念,ad-hoc操作
ansible 是一个自动化的工具,主要用来管理配置文件,应用部署等作用。
非常高效
通过ssh协议,不需要mq,数据库,agentless的不需要在client上面安装agent,比较轻量级,兼容性比较好。
ansible一般参数
并发10个
$ ansible atlanta -a "/sbin/reboot" -f 10
指定user
$ ansible atlanta -a "/usr/bin/foo" -u username
ad-hoc任务
一般用来做一些一次性的工作,ansible还支持所谓的playbook,一段剧本,可以保持下来复用。
比如说安装一个软件啊,开一个服务啊,执行一条命令什么的。
我们先从最简单的ping开始。
1. ping模块
[iyunv@monitor ]# ansible test -m ping
120.25.145.42 | success >> {
"changed": false,
"ping": "pong"
}
很简单加个-m 参数代表用ping这个模块。他返回两个,changed ,和ping ,
2. shell模块
很简单,就是执行一个shell命令。
比如说echo hello
[iyunv@monitor ~]# ansible test -m shell -a 'echo hello'
120.25.145.42 | success | rc=0 >>
hello
-a 代表shell模块的参数
3. copy,file文件传输模块
copy可以把本机的文件远程传输到目标机器上
例如
[iyunv@monitor ~]# ansible test -m copy -a "src=/etc/hosts dest=/tmp/hosts"
120.25.145.42 | success >> {
"changed": false,
"checksum": "9d85f37d33366a82f2486c304c4c420a214f2aba",
"dest": "/tmp/hosts",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"path": "/tmp/hosts",
"size": 353,
"state": "file",
"uid": 0
}
file模块可以修改文件的所有人,所属组,mode。
[iyunv@monitor ~]# ansible test -m file -a " dest=/tmp/hosts owner=nobody"
120.25.145.42 | success >> {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "nobody",
"path": "/tmp/hosts",
"size": 353,
"state": "file",
"uid": 99
}
这些参数同样可以传到copy 模块里面。copy模块的实现好像用的scp。
4. yum,apt模块,软件管理的模块。
ansible-doc yum 看下参数说明
主要是state这个参数,代表安装,卸载等。
state
Whether to install (`present', `latest'), or remove (`absent')
a package. (Choices: present, latest, absent) [Default:
present]
就三个状态,present,latest,absent,前两个代表安装,后面一个是卸载。很好理解。
用起来就是:
[iyunv@monitor ~]# ansible test -m yum -a "name=ntp state=present"
120.25.145.42 | success >> {
"changed": false,
"msg": "",
"rc": 0,
"results": [
"ntp-4.2.6p5-3.el6.centos.x86_64 providing ntp is already installed"
]
}
卸载:
[iyunv@monitor ~]# ansible test -m yum -a "name=ntp state=absent"
120.25.145.42 | success >> {
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: refresh-packagekit, security\nSetting up Remove Process\nResolving Dependencies\n--> Running transaction check\n---> Package ntp.x86_64 0:4.2.6p5-3.el6.centos will be erased\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nRemoving:\n ntp x86_64 4.2.6p5-3.el6.centos @updates 1.6 M\n\nTransaction Summary\n================================================================================\nRemove 1 Package(s)\n\nInstalled size: 1.6 M\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Erasing : ntp-4.2.6p5-3.el6.centos.x86_64 1/1 \nwarning: /etc/ntp.conf saved as /etc/ntp.conf.rpmsave\nUnable to connect to dbus\n\r Verifying : ntp-4.2.6p5-3.el6.centos.x86_64 1/1 \n\nRemoved:\n ntp.x86_64 0:4.2.6p5-3.el6.centos \n\nComplete!\n"
]
}
5. User 用户管理模块
包括用户和用户组都可以进行管理。
[iyunv@monitor ~]# ansible test -m user -a "name=ss password='$6$SZpOojUl/UdHCgBZ$cr17itDcLSvLSQnkCrofKUW9k/.TDmJ6rFJZ3pSxKuJ8DquwRpk0OfEuzSIPsRC0xK7RsBM5K/fHEMwyPtX8s/'"
120.25.145.42 | success >> {
"append": false,
"changed": true,
"comment": "",
"group": 504,
"home": "/home/ss",
"move_home": false,
"name": "ss",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"uid": 503
}
password的参数是sha512加密的,
可以用grub-crypt生成,或者是用python的模块生成
python -c "from passlib.hash import sha512_crypt; import getpass; print sha512_crypt.encrypt(getpass.getpass())"
详细可以看http://docs.ansible.com/faq.html#how-do-i-generate-crypted-passwords-for-the-user-module
[iyunv@monitor install-zabbix-playbook]# ansible test -m user -a 'name=fuck password="$6$rounds=40000$M.jOLGeGue3hPdYb$FTaslz1igc8IKi7TolGxkDrr9XSRLPT0QXtgwRCqac9XsTEqmWagxLY.1s8oQMjuQUI6hlK/DyFb3Kxye5nar0"'
120.25.145.42 | success >> {
"append": false,
"changed": true,
"comment": "",
"group": 506,
"home": "/home/fuck",
"move_home": false,
"name": "fuck",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/bash",
"state": "present",
"uid": 505
}
查看是否修改成功
[iyunv@iZ94wi1x5hoZ ~]# cat /etc/shadow|grep -E 'fuck|root'
root:$6$AXHXCLyd$vXQw0C/WuHqEM0htW/c9lGAW03Gm8NXnUD9MSHvz9kjBoqqL/AvhxWBX2/NhAXemFtgJPGUYsP0A8hXDMUgns0:16579:0:99999:7:::
fuck:$6$rounds=40000$M.jOLGeGue3hPdYb$FTaslz1igc8IKi7TolGxkDrr9XSRLPT0QXtgwRCqac9XsTEqmWagxLY.1s8oQMjuQUI6hlK/DyFb3Kxye5nar0:16583:0:99999:7:::
6. Git模块
部署项目用
设置一个repo 就好了,当然你设置git:的repo必须ssh认证。这边是基于https认证的例子。
[iyunv@monitor install-zabbix-playbook]# ansible test -m git -a "repo=https://code.csdn.net/aca_jingru/tomcat.git dest=/data"
120.25.145.42 | success >> {
"after": "b11ee2f3471fe647a70a514acb22ecf8b1146628",
"before": null,
"changed": true
}
7. Service服务模块
启动,停止,重启,reload,对应4个state如下:
- started
- stopped
- restarted
- reloaded
[iyunv@monitor ~]# ansible test -m service -a "name=httpd state=restarted"
120.25.145.42 | success >> {
"changed": true,
"name": "httpd",
"state": "started"
}
8. facts侦测模块
把主机上面的基本信息全部侦测一般,这个模块一般不单独用,一般都是配合playbook使用,
单独的用的话一般加个filter过滤参数,比如我要获取网卡信息:
[iyunv@monitor ~]# ansible test -m setup -a "filter=ansible_eth[0-2]"
120.25.145.42 | success >> {
"ansible_facts": {
"ansible_eth0": {
"active": true,
"device": "eth0",
"ipv4": {
"address": "10.116.133.68",
"netmask": "255.255.248.0",
"network": "10.116.128.0"
},
"macaddress": "00:16:3e:00:00:ab",
"module": "xen_netfront",
"mtu": 1500,
"promisc": false,
"type": "ether"
},
"ansible_eth1": {
"active": true,
"device": "eth1",
"ipv4": {
"address": "120.25.145.42",
"netmask": "255.255.252.0",
"network": "120.25.144.0"
},
"macaddress": "00:16:3e:00:18:9b",
"module": "xen_netfront",
"mtu": 1500,
"promisc": false,
"type": "ether"
}
},
"changed": false
} |
|
QQ群⑧:
窥视卡
雷达卡
发表于 2015-11-25 15:40:11
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡