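Ansible: How It Works and How to Use It
Contents:
1. What Ansible does and how it is structured
2. Installing and using Ansible
3. Using Ansible playbooks
I. What Ansible does and how it is structured
1. Introduction to Ansible:
Ansible is a relatively new automation tool for operations work. It is written in Python and combines the strengths of many existing operations tools (puppet, cfengine, chef, func, fabric) to provide bulk system configuration, bulk program deployment, and bulk command execution. Ansible works through modules and has no bulk deployment capability of its own. The modules that Ansible runs do the actual bulk deployment; Ansible only provides the framework. Its main parts are:
(1) Connection plugins: responsible for communicating with the managed hosts;
(2) Host inventory: specifies the hosts to operate on; it is a configuration file that defines the managed hosts;
(3) Modules: core modules, the command module, and custom modules;
(4) Plugins that provide functions such as logging and email;
(5) Playbooks: scripts for running multiple tasks; they are optional and let a node run several tasks in one go.
2. Ansible architecture: connections to other hosts use the SSH protocol by default.
II. Installing Ansible and using the common modules
1. Ansible has no server component; you simply run the command when you need it, and no client has to be installed on the managed hosts, so Ansible is a very lightweight tool. It can be installed from the EPEL repository. Ansible has been acquired by Red Hat, and I expect it will be included in the base repository before long.
Once the EPEL repository is configured, install Ansible directly with yum: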
    [root@php ~]# yum info ansible
    loaded plugins: fastestmirror, refresh-packagekit, security
    loading mirror speeds from cached hostfile
    base                 | 4.0 kb     00:00 ...
    epel                 | 4.3 kb     00:00
    epel/primary_db      | 5.7 mb     00:00
    available packages
    name        : ansible
    arch        : noarch
    version     : 1.9.2
    release     : 1.el6
    size        : 1.7 m
    repo        : epel
    summary     : ssh-based configuration management, deployment, and task execution system
    url         : http://ansible.com
    license     : gplv3
    description :
                : ansible is a radically simple model-driven configuration management,
                : multi-node deployment, and remote task execution system. ansible works
                : over ssh and does not require any software or daemons to be installed
                : on remote nodes. extension modules can be written in any language and
                : are transferred to managed machines automatically.
    [root@php ~]# yum install ansible
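The main files that the installation creates:
    /etc/ansible
    /etc/ansible/ansible.cfg    # configuration file
    /etc/ansible/hosts          # host inventory
    /usr/bin/ansible            # main program
    /usr/bin/ansible-doc        # documentation
    /usr/bin/ansible-playbook   # playbooks
The ansible command itself is simple to use.
Syntax:
    ansible <host-pattern> [-f forks] [-m module_name] [-a args]
host-pattern: a group name from the host inventory file; may be all
-f forks: number of parallel processes, 5 by default
-m module_name: module name, command by default
-a args: arguments for the module
ansible-doc:
-l: list the available modules
-s: show the parameters of a given module
As the listing shows, Ansible supports a very large number of modules: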
    [21:20 root@centos6.8/var/ftp/pub/files]# ansible-doc -l
    less 436
    copyright (c) 1984-2009 mark nudelman
    less comes with no warranty, to the extent permitted by law.
    for information about the terms of redistribution,
    see the file named readme in the less distribution.
    homepage: http://www.greenwoodsoftware.com/less
    a10_server            manage a10 networks ax/softax/thunder/vthunder devices
    a10_service_group     manage a10 networks ax/softax/thunder/vthunder devices
    a10_virtual_server    manage a10 networks ax/softax/thunder/vthunder devices
    acl                   sets and retrieves file acl information.
    add_host              add a host (and alternatively a group) to the ansible-playbook in-memory inventory
    airbrake_deployment   notify airbrake about app deployments
    alternatives          manages alternative programs for common commands
    apache2_module        enables/disables a module of the apache2 webserver
    apt                   manages apt-packages
    apt_key               add or remove an apt key
    apt_repository        add and remove apt repositories
    apt_rpm               apt_rpm package manager
    assemble              assembles a configuration file from fragments
    assert                fail with custom message
    at                    schedule the execution of a command or script file via the at command.
    authorized_key        adds or removes an ssh authorized key
    azure                 create or terminate a virtual machine in azure
    bigip_facts           collect facts from f5 big-ip devices
    bigip_monitor_http    manages f5 big-ip ltm http monitors
    bigip_monitor_tcp     manages f5 big-ip ltm tcp monitors
    bigip_node            manages f5 big-ip ltm nodes
    bigip_pool            manages f5 big-ip ltm pools
    bigip_pool_member     manages f5 big-ip ltm pool members
    bigpanda              notify bigpanda about deployments
    boundary_meter        manage boundary meters
Note: when reading help with ansible-doc -s, parameters marked with an = sign are generally required.
After a default installation Ansible has a configuration file, /etc/ansible/ansible.cfg, which defines the default settings for the Ansible host: whether a password is prompted for by default, whether sudo authentication is enabled, the location of the action_plugins directory, the location of the hosts (inventory) file, whether logging is enabled, the default port, the key file location, and so on.
In detail:
    [defaults]
    # some basic default values...
    # location of the default hosts (inventory) file
    hostfile = /etc/ansible/hosts
    # library_path = /usr/share/my_modules/
    remote_tmp = $HOME/.ansible/tmp
    pattern = *
    forks = 5
    poll_interval = 15
    # remote sudo user
    sudo_user = root
    # whether to ask for the sudo password on every ansible run
    #ask_sudo_pass = true
    # whether to ask for the SSH password on every ansible run
    #ask_pass = true
    transport = smart
    remote_port = 22
    module_lang = C
    gathering = implicit
    # skip the host-key confirmation prompt the first time ansible connects to a client
    # (host keys are then not verified)
    host_key_checking = false
    # add this yourself if needed; chown -R root:root ansible.log
    log_path = /var/log/ansible.log
    # suppress system warnings when running ansible (usually upgrade notices)
    system_warnings = false
    # set plugin path directories here, separate with colons
    action_plugins = /usr/share/ansible_plugins/action_plugins
    callback_plugins = /usr/share/ansible_plugins/callback_plugins
    connection_plugins = /usr/share/ansible_plugins/connection_plugins
    lookup_plugins = /usr/share/ansible_plugins/lookup_plugins
    vars_plugins = /usr/share/ansible_plugins/vars_plugins
    filter_plugins = /usr/share/ansible_plugins/filter_plugins
    fact_caching = memory
    [accelerate]
    accelerate_port = 5099
    accelerate_timeout = 30
    accelerate_connect_timeout = 5.0
    # the daemon timeout is measured in minutes. this time is measured
    # from the last activity to the accelerate daemon.
    accelerate_daemon_timeout = 30
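Several of the ansible.cfg settings above affect how the control node authenticates its targets and what record it keeps. The following Python check is an added example, not part of the original article or of Ansible itself: it parses an ansible.cfg and reports disabled host key verification and missing logging. The function name, the rule set and the sample file are this example's own; ANSIBLE_HOST_KEY_CHECKING and [ssh_connection] ssh_args are real Ansible settings that the article does not mention.

```python
import configparser
import re

# Constructed sample, modelled on the ansible.cfg shown above.
SAMPLE_CFG = """\
[defaults]
hostfile = /etc/ansible/hosts
forks = 5
remote_port = 22
host_key_checking = False
# log_path = /var/log/ansible.log

[ssh_connection]
ssh_args = -o ControlMaster=auto -o StrictHostKeyChecking=no
"""

# Strings Ansible reads as boolean false.
FALSY = {"false", "no", "off", "0", "n", "f"}

def audit_ansible_cfg(text, env=None):
    """Return a list of (setting, finding) tuples for an ansible.cfg."""
    env = env or {}
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []

    # Environment variables take precedence over ansible.cfg.
    hkc = env.get("ANSIBLE_HOST_KEY_CHECKING",
                  cfg.get("defaults", "host_key_checking", fallback=None))
    if hkc is not None and hkc.strip().lower() in FALSY:
        findings.append(("host_key_checking",
                         "SSH host keys are not verified on first connection"))

    # The same check can be switched off through raw ssh options.
    ssh_args = cfg.get("ssh_connection", "ssh_args", fallback="")
    if re.search(r"StrictHostKeyChecking\s*=?\s*no\b", ssh_args, re.I):
        findings.append(("ssh_args", "StrictHostKeyChecking=no passed to ssh"))

    # Without log_path the control node keeps no record of runs.
    if not cfg.get("defaults", "log_path", fallback="").strip():
        findings.append(("log_path", "no log file configured"))
    return findings

if __name__ == "__main__":
    for setting, finding in audit_ansible_cfg(SAMPLE_CFG):
        print(f"[!] {setting}: {finding}")
```

Pass `dict(os.environ)` as `env` when auditing a live control node, since an exported ANSIBLE_HOST_KEY_CHECKING overrides the file.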
Passwordless login
Because Ansible works over SSH, set up passwordless SSH login to each server before using Ansible.
Usage
    ansible users1 -m command -a 'ls /etc/rc.local'
    #  |      |    |    |     |         |
    #  |      |    |    |     |         |____ command to run
    #  |      |    |    |     |______________ -a: the command follows
    #  |      |    |    |____________________ module
    #  |      |    |_________________________ -m: the module follows
    #  |      |______________________________ group / IP
    #  |_____________________________________ ansible
Modules for running commands remotely
shell module
    # Write hello to /tmp/1.txt
    ansible users1 -m shell -a 'echo "hello" > /tmp/1.txt'
    # Show the contents of /tmp/1.txt
    ansible users1 -m shell -a 'cat /tmp/1.txt'
command module
    ansible users1 -m command -a 'ls /etc/rc.local'
Other modules
copy module (copy a local file to the servers)
    ansible users1 -m copy -a 'src=/root/passwd dest=/tmp/passwd mode=0777 owner=user group=youboy'
Note: src is the local file; dest is the destination on the client; mode=0777 sets the permissions; owner=user sets the owner; group=youboy sets the group.
Write the given content to a file:
    ansible users1 -m copy -a 'content="hello word" dest=/tmp/test.txt mode=0777'
fetch module (copy a file from the servers to the local machine)
    ansible users1 -m fetch -a 'src=/etc/passwd dest=/tmp/passwd'
file module
    # Delete a file
    ansible users1 -m file -a 'path=/tmp/passwd state=absent'
    # Create a symbolic link
    ansible users1 -m file -a 'src=/etc/passwd path=/tmp/passwd.link state=link'
    # Change the owner and permissions
    ansible users1 -m file -a 'path=/tmp/passwd mode=0777 owner=user group=youboy'
Open question?
Copying a file on the server to another directory:
    ansible users1 -m copy -a 'path=/etc/passwd dest=/tmp/passwd'
cron module (scheduled jobs)
    ansible users1 -m cron -a 'minute=10 hour=02 day=15 month=12 weekday=7 name="test" job="date > /tmp/date.txt"'
    # Verify the scheduled job with the shell module
    ansible users1 -m shell -a 'crontab -l'
    # Remove the scheduled job (ansible users1 -m cron -a 'name="test" state=absent' may not work; use the full command instead)
    ansible users1 -m cron -a 'minute=10 hour=02 day=15 month=12 weekday=7 name="test" job="date > /tmp/date.txt" state=absent'
    # Verify with the shell module that the scheduled job was removed
hostname module (temporarily change the hostname)
    ansible 192.168.1.2 -m hostname -a 'name=jiahui.com'
yum module
    ansible users1 -m yum -a 'name=httpd state=installed'
present: check that the package is installed
installed: install
latest: install or upgrade to the latest version
absent: uninstall
service module (manage services)
    # Start a service
    ansible users1 -m service -a 'name=httpd state=started'
started: start the service
stopped: stop the service
    # Enable at boot
    ansible users1 -m service -a 'name=httpd enabled=yes runlevel=2345'
Note: runlevel is the run level (0 through 6, seven levels, as shown below)
    chkconfig --list | grep httpd
    httpd 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭