|
概述:
===========================================================================
Ansible介绍★运维工具的分类: gent:基于专用的agent程序完成管理功能,puppet, func, zabbix, ... agentless:基于ssh服务完成管理,ansible, fabric, ...
★ansible属于Configuration、Command and Control工具 ★简介
★架构 连接插件(connection plugins):负责和被监控端实现通信; host inventory:指定操作的主机,是一个配置文件里面定义监控的主机; 各种模块核心模块、command模块、自定义模块; 借助于插件完成记录日志邮件等功能; playbook:剧本执行多个任务时,非必需可以让节点一次性运行多个任务。
附图: 架构图 ★特性: ★优点 轻量级,无需在客户端安装agent,更新时,只需在操作机上进行一次更新即可; 批量任务执行可以写成脚本,而且不用分发到远程就可以执行; 使用python编写,维护更简单,ruby语法过于复杂; 支持sudo。
★任务执行流程
说明: (1)以上内容大多是基于他人分享的基础上总结而来,学习借鉴之用; (2)本次安装基于 CentOS 7.2 系统环境。 Ansible安装配置及使用1.安装及程序环境: ★安装: ★程序: ansible ansible-playbook //唱剧本 ansible-doc //获取帮助文档
★配置文件 ★主机清单: ★插件目录:
2.基本使用入门
★ansible命令 语法格式(Usage): 选项: ★配置Host Inventory(主机清单)
★模块: 实验:
1.演示环境
- 准备四台虚拟主机,这里我有3台CentOS 7和1台CentOS 6;
- ip为10.1.252.153的CentOS 7主机模拟ansible的管理端,其余的CentOS 7和6模拟为被管理端;
演示过程如下:(分模块进行)
1.首先进到/etc/ansible的配置文件中,做备份,然后配置主机清单
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
| [iyunv@centos7 ~]# cd /etc/ansible/
[iyunv@centos7 ansible]# ls
ansible.cfg hosts roles
[iyunv@centos7 ansible]# cp ansible.cfg{,.bak}
[iyunv@centos7 ansible]# cp hosts{,.bak}
[iyunv@centos7 ansible]# ls
ansible.cfg ansible.cfg.bak hosts hosts.bak roles
[iyunv@centos7 ansible]# vim hosts
[websrvs] # 定义websrvs组
10.1.252.156 # CentOS 7 主机
10.1.252.161 # CentOS 7 主机
[dbsrvs] # 定义数据库组
10.1.252.205 # CentOS 6 主机
10.1.252.161 #一台主机可以属于多个组
|
2.获取模块列表和使用帮助
1
2
3
4
5
6
7
8
9
10
11
12
| [iyunv@centos7 ansible]# ansible-doc -h
Usage: ansible-doc [options] [module...]
Options:
-h, --help show this help message and exit
-l, --list List available modules # 获取模块列表
-M MODULE_PATH, --module-path=MODULE_PATH
specify path(s) to module library (default=None)
-s, --snippet Show playbook snippet for specified module(s) # 获取指定模块简单用法
-v, --verbose verbose mode (-vvv for more, -vvvv to enable # 获取详细用法
connection debugging)
--version show program's version number and exit
|
3.配置好基于秘钥认证连接被管控主机
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
| # 在管控端生成ssh服务的秘钥对
[iyunv@centos7 ~]# ssh-keygen -t rsa -P ''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
87:ef:0c:65:de:13:08:fe:0c:ea:23:3e:75:01:f5:b6 root@centos7
The key's randomart image is:
+--[ RSA 2048]----+
| .. |
| . . |
| .. o |
| ..+ o |
| S.E . |
| ...X . . |
| .... = o |
| o.. + . |
| ..o.. o |
+-----------------+
[iyunv@centos7 ~]# cd .ssh
[iyunv@centos7 .ssh]# ls
authorized_keys id_rsa id_rsa.pub known_hosts
|
把生成的密钥对传给其他被管控端(比较安全的做法)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
| [iyunv@centos7 ~]# ssh-copy-id -i .ssh/id_rsa.pub root@10.1.252.161
The authenticity of host '10.1.252.161 (10.1.252.161)' can't be established.
ECDSA key fingerprint is 56:78:d2:e8:41:b0:62:ad:4f:47:90:75:01:a4:fa:8c.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.1.252.161's password: # 第一次需要输入密码
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@10.1.252.161'"
and check to make sure that only the key(s) you wanted were added.
# 测试连接被管控主机,发现可以不用密码就能获取信息
[iyunv@centos7 ~]# ssh 10.1.252.161 'ifconfig'
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.1.252.161 netmask 255.255.0.0 broadcast 10.1.255.255
inet6 fe80::20c:29ff:fed6:e460 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:d6:e4:60 txqueuelen 1000 (Ethernet)
RX packets 24229 bytes 1996170 (1.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 672 bytes 91700 (89.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 68 bytes 5588 (5.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 68 bytes 5588 (5.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
|
Ansible常用模块详解 1.ping:
作用:探测目标主机是否存活;
演示: 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
| [iyunv@centos7 ~]# ansible-doc -s ping
- name: Try to connect to host, verify a usable python and return `pong' on success.
action: ping
# 连接websrvs组的主机,探测是否OK
[iyunv@centos7 ~]# ansible websrvs -m ping
10.1.252.156 | SUCCESS => {
"changed": false,
"ping": "pong"
}
10.1.252.161 | SUCCESS => {
"changed": false,
"ping": "pong"
}
# 探测所有的主机是否OK
[iyunv@centos7 ~]# ansible all -m ping
10.1.252.156 | SUCCESS => {
"changed": false,
"ping": "pong"
}
10.1.252.161 | SUCCESS => {
"changed": false,
"ping": "pong"
}
10.1.252.205 | SUCCESS => {
"changed": false,
"ping": "pong"
}
|
2.command:
作用:在远程主机执行命令;
演示:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
| [iyunv@centos7 ~]# ansible all -m command -a "ifconfig" # 获取所有主机的ip地址
10.1.252.205 | SUCCESS | rc=0 >>
eth0 Link encap:Ethernet HWaddr 00:0C:29:CB:50:90
inet addr:10.1.252.205 Bcast:10.1.255.255 Mask:255.255.0.0
inet6 addr: fe80::20c:29ff:fecb:5090/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:345117 errors:0 dropped:0 overruns:0 frame:0
TX packets:1571 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:39948104 (38.0 MiB) TX bytes:148792 (145.3 KiB)
10.1.252.156 | SUCCESS | rc=0 >>
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.1.252.156 netmask 255.255.0.0 broadcast 10.1.255.255
inet6 fe80::20c:29ff:fe16:ed45 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:16:ed:45 txqueuelen 1000 (Ethernet)
RX packets 31117 bytes 2793084 (2.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 571 bytes 104372 (101.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
10.1.252.161 | SUCCESS | rc=0 >>
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.1.252.161 netmask 255.255.0.0 broadcast 10.1.255.255
inet6 fe80::20c:29ff:fed6:e460 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:d6:e4:60 txqueuelen 1000 (Ethernet)
RX packets 30903 bytes 2725577 (2.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 950 bytes 134392 (131.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
| # 同时在3台被管控主机上创建“centos”的用户
[iyunv@centos7 ~]# ansible all -m command -a "useradd centos"
10.1.252.156 | SUCCESS | rc=0 >>
10.1.252.205 | SUCCESS | rc=0 >>
10.1.252.161 | SUCCESS | rc=0 >>
# 查看3台主机centos 用户的id
[iyunv@centos7 ~]# ansible all -m command -a "id centos"
10.1.252.205 | SUCCESS | rc=0 >>
uid=500(centos) gid=500(centos) groups=500(centos)
10.1.252.156 | SUCCESS | rc=0 >>
uid=1003(centos) gid=1003(centos) groups=1003(centos)
10.1.252.161 | SUCCESS | rc=0 >>
uid=1001(centos) gid=1001(centos) groups=1001(centos)
# 为3台主机centos用户设定密码为123456(通过管道传送),发现command模块只识别最左侧命令,这时要使用shell模块
[iyunv@centos7 ~]# ansible all -m command -a "echo '123456' |passwd --stdin centos"
10.1.252.205 | SUCCESS | rc=0 >>
123456 |passwd --stdin centos # 可以看到只是执行了echo命令
10.1.252.156 | SUCCESS | rc=0 >>
123456 |passwd --stdin centos
10.1.252.161 | SUCCESS | rc=0 >>
123456 |passwd --stdin centos
|
3.shell:
作用:在远程主机上调用shell解释器运行命令,支持shell的各种功能,例如管道等 ;
注意:
command和shell模块的核心参数直接为命令本身;而其它模块的参数通常为“key=value”格式;
演示:
1
2
3
4
5
6
7
8
9
10
11
12
| [iyunv@centos7 ~]# ansible all -m shell -a "echo '123456' |passwd --stdin centos"
10.1.252.205 | SUCCESS | rc=0 >>
Changing password for user centos.
passwd: all authentication tokens updated successfully. # 命令正常的执行结果
10.1.252.156 | SUCCESS | rc=0 >>
Changing password for user centos.
passwd: all authentication tokens updated successfully.
10.1.252.161 | SUCCESS | rc=0 >>
Changing password for user centos.
passwd: all authentication tokens updated successfully.
|
4.copy:
作用:复制ansible主机上的文件到远程控制主机;
用法:
复制文件
-a "src=\'#\'" "
给定内容生成文件
-a "content= dest= "
其它参数:
mode, owner, group, ...
演示:
1)复制源文件到目标文件,可以给定权限等
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
| # 复制一个文件到远程的3个主机,权限为640
[iyunv@centos7 ~]# ansible all -m copy -a "src=/etc/fstab dest=/tmp/fstab.ansible mode=640"
10.1.252.205 | SUCCESS => {
"changed": true,
"checksum": "421fa89581f3b00d98daf454970270bc61e5ceb6", # 校验码
"dest": "/tmp/fstab.ansible", # 目标文件
"gid": 0,
"group": "root",
"md5sum": "54f0b2c85cffa2102495c84d75f1f369",
"mode": "0640", # 权限
"owner": "root",
"size": 690, # 大小
"src": "/root/.ansible/tmp/ansible-tmp-1478696569.63-274366424153403/source", # 源文件
"state": "file",
"uid": 0
}
[iyunv@centos7 ~]# ansible all -m shell -a "ls -l /tmp/fstab.ansible"
10.1.252.205 | SUCCESS | rc=0 >>
-rw-r----- 1 root root 690 Nov 9 20:28 /tmp/fstab.ansible # 执行成功
10.1.252.156 | SUCCESS | rc=0 >>
-rw-r----- 1 root root 690 Nov 9 21:32 /tmp/fstab.ansible
10.1.252.161 | SUCCESS | rc=0 >>
-rw-r----- 1 root root 690 Nov 9 21:32 /tmp/fstab.ansible
|
2)给定内容生成文件
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
| [iyunv@centos7 ~]# ansible all -m copy -a "content='hello\nword\n' dest=/tmp/test.ansible mode=640"
10.1.252.205 | SUCCESS => {
"changed": true,
"checksum": "96e066939172dfddcfaef89de00ad9a78ca6a774",
"dest": "/tmp/test.ansible",
"gid": 0,
"group": "root",
"md5sum": "d98af44a9c199b9a1ed0ddb0f492f133",
"mode": "0640",
"owner": "root",
"size": 11,
"src": "/root/.ansible/tmp/ansible-tmp-1478697113.75-159001268829457/source",
"state": "file",
"uid": 0
}
[iyunv@centos7 ~]# ansible all -m command -a "cat /tmp/test.ansible "
10.1.252.205 | SUCCESS | rc=0 >>
hello
word
10.1.252.156 | SUCCESS | rc=0 >>
hello
word
10.1.252.161 | SUCCESS | rc=0 >>
hello
word
|
5.file:
作用:设置文件属性;
用法:
创建目录: -a "path= state=directory"
创建链接文件:-a "path= src=\'#\'" /span>
删除文件: -a "path= state=absent“
演示:
1)修改文件属主
1
2
3
4
5
6
7
8
9
10
11
12
| [iyunv@centos7 ~]# ansible all -m file -a "path=/tmp/fstab.ansible owner=centos"
10.1.252.205 | SUCCESS => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0640",
"owner": "centos",
"path": "/tmp/fstab.ansible",
"size": 690,
"state": "file",
"uid": 500
}
|
2)删除文件
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
| # state 用来定义其目标状态
[iyunv@centos7 ~]# ansible all -m file -a "path=/tmp/fstab.ansible state=absent"
10.1.252.205 | SUCCESS => {
"changed": true,
"path": "/tmp/fstab.ansible",
"state": "absent"
}
10.1.252.156 | SUCCESS => {
"changed": true,
"path": "/tmp/fstab.ansible",
"state": "absent"
}
10.1.252.161 | SUCCESS => {
"changed": true,
"path": "/tmp/fstab.ansible",
"state": "absent"
}
|
3)创建目录文件
1
2
3
4
5
6
7
8
9
10
11
12
| [iyunv@centos7 ~]# ansible all -m file -a "path=/tmp/dir.ansible state=directory"
10.1.252.205 | SUCCESS => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/tmp/dir.ansible",
"size": 4096,
"state": "directory",
"uid": 0
}
|
4)创建链接文件 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
| [iyunv@centos7 ~]# ansible all -m file -a "path=/tmp/test.ansible.link src=/tmp/test.ansible state=link"
10.1.252.205 | SUCCESS => {
"changed": true,
"dest": "/tmp/test.ansible.link",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 17,
"src": "/tmp/test.ansible",
"state": "link",
"uid": 0
}
# 远程主机查看,成功创建链接文件
[iyunv@CentOS6 ~]# ls /tmp
dir.ansible ks-script-OR__dn ks-script-OR__dn.log test.ansible test.ansible.link yum.log
|
|
|