
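A Brief Overview of Ansible

Ansible is a newly emerged automated operations tool written in Python. It combines the strengths of many operations tools (puppet, cfengine, chef, func, fabric) and provides batch system configuration, batch program deployment, batch command execution and similar functions.

Ansible works through modules and has no batch-deployment capability of its own. The modules that Ansible runs do the actual batch deployment; Ansible only provides a framework. It mainly consists of:

(1) Connection plugins: responsible for communicating with the monitored hosts;

(2) Host inventory: specifies the hosts to operate on; it is a configuration file that defines the monitored hosts;

(3) Modules: core modules, the command module and custom modules;

(4) Plugins, which handle functions such as logging and e-mail;

(5) Playbooks: scripts for executing multiple tasks; they are optional and let a node run several tasks in one go.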

Ansible architecture diagram:

1. Installing Ansible

// Configure the yum repository

[root@heyuanjie ~]# cd /etc/yum.repos.d/

[root@heyuanjie yum.repos.d]# curl -o CentOS7-Base-163.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo

% Total % Received % Xferd Average Speed Time Time Time Current

Dload Upload Total Spent Left Speed

100 1572 100 1572 0 0 10783 0 --:--:-- --:--:-- --:--:-- 10841

[root@heyuanjie yum.repos.d]# sed -i 's/\$releasever/7/g' /etc/yum.repos.d/CentOS7-Base-163.repo

[root@heyuanjie yum.repos.d]# sed -i 's/^enabled=.*/enabled=1/g' /etc/yum.repos.d/CentOS7-Base-163.repo

[root@heyuanjie ~]# yum -y install epel-release

[root@heyuanjie ~]# yum -y install ansible ansible-doc

[root@heyuanjie ~]# ansible --version

ansible 2.6.3

config file = /etc/ansible/ansible.cfg

configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']

ansible python module location = /usr/lib/python2.7/site-packages/ansible

executable location = /usr/bin/ansible

python version = 2.7.5 (default, Aug 4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]

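2. Ansible configuration

/etc/ansible/ansible.cfg    Ansible main configuration file

/etc/ansible/hosts    managed host inventory

Ways to specify hosts in the managed host inventory:

1) by group

2) by IP address

3) by domain name

4) by wildcard

Ansible controls remote hosts over SSH, so SSH key-based trust must be configured; otherwise you will be prompted for a password.

3. Getting help in Ansible

Ansible provides help through the ansible-doc command; use its -s option to get the help for a specific module.

// Look up the help documentation for the ping module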

[root@heyuanjie ~]# ansible-doc -s ping

- name: Try to connect to host, verify a usable python and return `pong' on success

  ping:

      data:                  # Data to return for the `ping' return value. If this

                               parameter is set to `crash', the module will cause an

                               exception.

4. Common Ansible modules in detail

Commonly used Ansible modules include:

1)ping

2)yum

3)template

4)copy

5)user

6)group

7)service

8)raw

9)command

10)shell

11)script

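Differences between the commonly used modules raw, command and shell:

The shell module runs commands through /bin/sh

The command module does not invoke a shell, so the bash environment variables are not available

raw is similar to shell in many respects, and in most cases shell and command are the recommended modules. However, if the target runs an old version of Python you need raw, and if the client is a router, which has no Python installed, you also need the raw module

// Common Ansible modules: ping

The ping module checks whether the specified node is reachable. Usage is simple and takes no parameters; if the host is online, it replies pong.

First add the client machine to the managed host inventory

[root@heyuanjie ~]# vi /etc/ansible/hosts // add the managed host group loveran and put the IP in it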

[loveran]

192.168.56.12

// Configure SSH key-based trust

[root@heyuanjie ~]# ssh-keygen -t rsa

[root@heyuanjie ~]# ssh-copy-id 192.168.56.12

[root@heyuanjie ~]# ansible all -m ping

192.168.56.12 | SUCCESS => {

"changed": false,

"ping": "pong"

}

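// Common Ansible modules: command

The command module runs commands on remote hosts; it is the module Ansible uses by default.

One limitation of the command module is that it cannot use pipes or redirection.

// List the contents of /tmp on the managed host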

[root@heyuanjie ~]# ansible 192.168.56.12 -a 'ls /tmp'

192.168.56.12 | SUCCESS | rc=0 >>

ansible_bs1IKZ

systemd-private-76b20d25809c4faf803a4af9563853d1-vgauthd.service-eJNR6R

systemd-private-76b20d25809c4faf803a4af9563853d1-vmtoolsd.service-FyuJ1s

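// Create a file named ran under /tmp on the managed host

// Because the managed host group loveran was created in the inventory earlier, the group name can be used here instead of the IP.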

[root@heyuanjie ~]# ansible loveran -a 'touch /tmp/ran'

[WARNING]: Consider using the file module with state=touch rather than running touch. If

you need to use command because file is insufficient you can add warn=False to this

command task or set command_warnings=False in ansible.cfg to get rid of this message.

[root@heyuanjie ~]# ansible loveran -a 'ls /tmp'

ansible_ls11Da

ran

// The command module does not support pipes or redirection

[root@heyuanjie ~]# ansible loveran -a 'echo "hello world">/tmp/ran'

hello world>/tmp/ran

[root@heyuanjie ~]# ansible loveran -a 'cat /tmp/ran'

[root@heyuanjie ~]# ansible loveran -a 'ps -ef|grep ssh'

192.168.56.12 | FAILED | rc=1 >>

error: unsupported SysV option

Usage:

ps [options]

Try 'ps --help <simple|list|output|threads|misc|all>'

or 'ps --help <s|l|o|t|m|a>'

for additional help text.

For more details see ps(1).non-zero return code
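
Why the `echo "hello world">/tmp/ran` run above printed its redirect instead of writing the file, as an added example that is not part of the original page. It models the command module as a direct argv exec and the shell module as `/bin/sh -c`, which approximates Ansible's behaviour; `as_command`, `as_shell`, the temporary path and the sample untrusted value are constructed for illustration.

```python
import os
import shlex
import subprocess
import tempfile


def as_command(cmdline):
    """Model of the command module: split into argv and exec directly, no shell."""
    argv = shlex.split(cmdline)
    proc = subprocess.run(argv, capture_output=True, text=True)
    return argv, proc.stdout


def as_shell(cmdline):
    """Model of the shell module: the whole string is interpreted by /bin/sh."""
    proc = subprocess.run(["/bin/sh", "-c", cmdline], capture_output=True, text=True)
    return proc.stdout


def demo():
    """Run the page's redirection case and an untrusted-value case both ways."""
    out = {}
    with tempfile.TemporaryDirectory() as workdir:
        target = os.path.join(workdir, "ran")  # stand-in for /tmp/ran
        redirect = 'echo "hello world">' + target

        # command: '>' is only part of an argument, so nothing is written.
        out["command_argv"], out["command_stdout"] = as_command(redirect)
        out["file_after_command"] = os.path.exists(target)

        # shell: '>' is a redirection, so the file is created and stdout is empty.
        out["shell_stdout"] = as_shell(redirect)
        with open(target) as fh:
            out["file_after_shell"] = fh.read()

    # Constructed untrusted value, e.g. a variable interpolated into a task.
    value = "ran; echo INTERPRETED"
    out["command_untrusted"] = as_command("echo " + value)[1]  # ';' stays data
    out["shell_untrusted"] = as_shell("echo " + value)         # ';' splits commands
    # shlex.quote plays the role of Ansible's `quote` filter for shell tasks.
    out["shell_quoted"] = as_shell("echo " + shlex.quote(value))
    return out


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val!r}")
```

The same property that makes command refuse pipes and redirects also keeps metacharacters in a variable from being interpreted, which is the reason to reach for shell or raw only when shell syntax is actually needed.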

// Common Ansible modules: raw

The raw module runs commands on remote hosts and supports pipes and redirection

// Redirection

[root@heyuanjie ~]# ansible loveran -m raw -a 'echo "you are my rose,ran">/tmp/ran'

Shared connection to 192.168.56.12 closed.

[root@heyuanjie ~]# ansible loveran -m raw -a 'cat /tmp/ran'

you are my rose,ran

// Pipe

[root@heyuanjie ~]# ansible loveran -m raw -a 'ps -ef|grep ssh'

root 985 1 0 14:37 ? 00:00:00 /usr/sbin/sshd -D

root 1096 985 0 14:38 ? 00:00:00 sshd: root@pts/0

root 1664 985 0 15:39 ? 00:00:00 sshd: root@pts/1

root 1667 1664 0 15:39 pts/1 00:00:00 bash -c ps -ef|grep ssh

root 1677 1667 0 15:39 pts/1 00:00:00 grep ssh

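// Common Ansible modules: shell

The shell module runs scripts that reside on the managed host, and can also run commands directly on the managed host.

The shell module supports both pipes and redirection

// On the managed host, create a directory for scripts and write a script by hand.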

[root@hyj ~]# mkdir /scripts

[root@hyj ~]# vi /scripts/test.sh

#!/bin/bash

for i in $(seq 10);do

echo $i

done

// Run it from the server (control node)

[root@heyuanjie ~]# ansible loveran -m shell -a 'sh /scripts/test.sh &> /tmp/test'

[root@heyuanjie ~]# ansible loveran -m shell -a 'cat /tmp/test'

1

2

3

4

5

6

7

8

9

10

// Common Ansible modules: script

The script module runs a script stored on the control node on the managed host

[root@heyuanjie ~]# mkdir /scripts

[root@heyuanjie ~]# vi /scripts/test1.sh

for i in $(cat /etc/passwd);do

echo $i

echo '--------------------'

done

// Run the script

[root@heyuanjie ~]# ansible loveran -m script -a '/scripts/test1.sh &> /tmp/test1'

"changed": true,

"rc": 0,

"stderr": "Shared connection to 192.168.56.12 closed.\r\n",

"stderr_lines": [

"Shared connection to 192.168.56.12 closed."

],

"stdout": "",

"stdout_lines": []

// View the contents of /tmp/test1 on the managed host

[root@heyuanjie ~]# ansible loveran -a 'cat /tmp/test1'

root:x:0:0:root:/root:/bin/bash

(middle omitted) ......

SSH:/var/empty/sshd:/sbin/nologin

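// This shows that the control node's script was indeed executed on the managed host, and that the output was recorded on the managed host

// Common Ansible modules: template

The template module generates a file from a template and can transfer it to a remote host

// For example, transfer the 163 repo file downloaded earlier to the managed host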

[root@heyuanjie ~]# ansible loveran -m template -a 'src=/etc/yum.repos.d/CentOS7-Base-163.repo dest=/etc/yum.repos.d/163.repo'

"checksum": "60b8868e0599489038710c45025fc11cbccf35f2",

"dest": "/etc/yum.repos.d/163.repo",

"gid": 0,

"group": "root",

"md5sum": "5a3e688854d9ceccf327b953dab55b21",

"mode": "0644",

"owner": "root",

"secontext": "system_u:object_r:system_conf_t:s0",

"size": 1462,

"src": "/root/.ansible/tmp/ansible-tmp-1536567908.24-251842099276509/source",

"state": "file",

"uid": 0

// On the managed host, check whether the 163 repo file is present

[root@hyj ~]# ls /etc/yum.repos.d/

163.repo CentOS-CR.repo CentOS-fasttrack.repo CentOS-Sources.repo

CentOS-Base.repo CentOS-Debuginfo.repo CentOS-Media.repo CentOS-Vault.repo

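// Common Ansible modules: yum

The yum module manages software through yum on the specified nodes; it mainly takes two parameters

1) name: the name of the package to manage

2) state: the operation to perform

Common values for state:

1) latest: install the package

2) installed: install the package

3) present: install the package

4) removed: uninstall the package

5) absent: uninstall the package

To manage software with yum, make sure the yum repositories on the managed host are working properly

On the managed host, check whether vsftpd is installed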

[root@hyj ~]# rpm -qa|grep vsftpd

// On the Ansible host, use the yum module to install vsftpd on the managed host

[root@heyuanjie ~]# ansible loveran -m yum -a 'name=vsftpd state=present'

"msg": "Repository base is listed more than once in the configuration\nRepository updates is listed more than once in the configuration\nRepository extras is listed more than once in the configuration\nRepository centosplus is listed more than once in the configuration\nwarning: /var/cache/yum/x86_64/7/base/packages/vsftpd-3.0.2-22.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY\nImporting GPG key 0xF4A80EB5:\n Userid : \"CentOS-7 Key (CentOS 7 Official Signing Key) <[email protected]>\"\n Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5\n From : http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7\n",

"results": [

"Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\nResolving Dependencies\n--> Running transaction check\n---> Package vsftpd.x86_64 0:3.0.2-22.el7 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n vsftpd x86_64 3.0.2-22.el7 base 169 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package\n\nTotal download size: 169 k\nInstalled size: 348 k\nDownloading packages:\nPublic key for vsftpd-3.0.2-22.el7.x86_64.rpm is not installed\nRetrieving key from http://mirrors.163.com/centos/RPM-GPG-KEY-CentOS-7\nRunning transaction check\nRunning transaction test\nTransaction test succeeded\nRunning transaction\n Installing : vsftpd-3.0.2-22.el7.x86_64 1/1 \n Verifying : vsftpd-3.0.2-22.el7.x86_64 1/1 \n\nInstalled:\n vsftpd.x86_64 0:3.0.2-22.el7 \n\nComplete!\n"

]

// Check whether vsftpd is installed on the managed host

vsftpd-3.0.2-22.el7.x86_64

// Common Ansible modules: copy

The copy module copies files to remote managed hosts.

[root@heyuanjie ~]# ls /scripts/

test1.sh

[root@heyuanjie ~]# ansible loveran -m copy -a 'src=/scripts/test1.sh dest=/scripts/'

"checksum": "eb97897fd2d5e4fbcd4a52e22375f4cbfb1eccf1",

"dest": "/scripts/test1.sh",

"md5sum": "7bfa938368f4bbf2fb2f0e6b4e0f4f40",

"secontext": "system_u:object_r:default_t:s0",

"size": 92,

"src": "/root/.ansible/tmp/ansible-tmp-1536569473.16-220537992503363/source",

[root@heyuanjie ~]# ansible loveran -a 'ls /scripts'

test.sh

// Common Ansible modules: group

The group module adds or removes groups on managed hosts

// Add a system group on the managed host, with gid 306 and group name mysql

[root@heyuanjie ~]# ansible loveran -m group -a 'name=mysql gid=306 state=present'

"gid": 306,

"name": "mysql",

"state": "present",

"system": false

[root@heyuanjie ~]# ansible loveran -m shell -a 'grep mysql /etc/group'

mysql:x:306:

// Delete the group on the managed host

[root@heyuanjie ~]# ansible loveran -m group -a 'name=mysql state=absent'

"state": "absent"

non-zero return code

// Common Ansible modules: user

The user module manages user accounts on managed hosts

// Add a system user on the managed host: user name mysql, uid 306, shell /sbin/nologin, no home directory

[root@heyuanjie ~]# ansible loveran -m user -a 'name=mysql uid=306 system=yes create_home=no shell=/sbin/nologin state=present'

"comment": "",

"create_home": false,

"group": 306,

"home": "/home/mysql",

"shell": "/sbin/nologin",

"system": true,

"uid": 306

[root@heyuanjie ~]# ansible loveran -m shell -a 'grep mysql /etc/passwd'

mysql:x:306:306::/home/mysql:/sbin/nologin

// Change the uid of the mysql user to 366

[root@heyuanjie ~]# ansible loveran -m user -a 'name=mysql uid=366'

"append": false,

"move_home": false,

"uid": 366

mysql:x:366:306::/home/mysql:/sbin/nologin
