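Ansible is a relatively new automation and operations tool written in Python. It combines the strengths of many earlier operations tools (puppet, cfengine, chef, func, fabric) and provides batch system configuration, batch program deployment, batch command execution and similar functions.
Ansible works through modules and has no batch-deployment capability of its own. The modules that Ansible runs are what actually do the batch deployment; Ansible only provides the framework. Its main components are:
(1) Connection plugins: responsible for communicating with the managed hosts;
(2) Host inventory: specifies the hosts to operate on; it is a configuration file that defines the managed hosts;
(3) Modules: core modules, the command module and custom modules;
(4) Plugins that provide functions such as logging and e-mail;
(5) Playbooks: optional; when several tasks have to be executed, a playbook lets the nodes run them in one go.

I. System installation
[root@centos6 ~]# cat /etc/issue
CentOS release 6.5 (Final)
[root@centos6 ~]# uname -r
2.6.32-431.el6.x86_64

II. Software installation
[root@centos6 ~]# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
[root@centos6 ~]# yum install ansible -y
[root@centos6 ~]# ansible --version
ansible 2.4.2.0
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.6.6 (r266:84292, Aug 18 2016, 15:13:37) [GCC 4.4.7 20120313 (Red Hat 4.4.7-17)]

III. Ansible configuration overview
Configuration directory: /etc/ansible/
Executables directory: /usr/bin/
Library dependency directory: /usr/lib/pythonX.X/site-packages/ansible/
Help documentation directory: /usr/share/doc/ansible-X.X.X/
Man page directory: /usr/share/man/man1

Colors used in Ansible output:
Green: informational; the command made no change on the remote host
Red: batch management produced an error
Yellow: a change was made on the remote host
Pink: advice or a warning about the operation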
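How to view the help documentation for Ansible commands:
ansible-doc -l --- list all available modules
ansible-doc -s cron --- show the parameters of the specified module
ansible mount -m setup -vvvv --- mainly used to troubleshoot Ansible batch-management errors (prints verbose output)
Summary of Ansible command options (most commonly used):
-k, --ask-pass ask for connection password
Prompts for the password interactively for remote management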
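Before you start, set up SSH authentication for the client hosts, then define a test group in /etc/ansible/hosts and list the host IPs in it:
[test]
192.168.0.24
192.168.0.151
Note: you need to be familiar with /etc/ansible/, which holds the inventory host configuration, the Ansible tool configuration and so on. The executables directory, /usr/bin/, is the default location of the Ansible commands; all Ansible executables are stored there.

IV. Basic (commonly used) Ansible modules
1, copy module
2, file module
3, cron module
4, group module
5, user module
6, yum module
7, service module
8, script module
9, ping module
10, command module
11, raw module
12, get_url module
13, synchronize module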
4.1) copy module:
Purpose: copy the file nagios-3.5.1.tar.gz from /data on the control node to the nodes in the [test] group
Command: ansible test -m copy -a 'src=/data/nagios-3.5.1.tar.gz dest=/data/'
[root@Ansible data]# ansible test -m copy -a 'src=/data/nagios-3.5.1.tar.gz dest=/data/'
192.168.0.24 | SUCCESS => {
"changed": true,
"checksum": "486fd6c75db47000b96d6eebb1654c30d5e9bc72",
"dest": "/data/nagios-3.5.1.tar.gz",
"gid": 0,
"group": "root",
"md5sum": "9947ed3d220b4da86710884260d42856",
"mode": "0644",
"owner": "root",
"size": 1763584,
"src": "/root/.ansible/tmp/ansible-tmp-1521010564.77-89092202669155/source",
"state": "file",
"uid": 0
}
192.168.0.151 | SUCCESS => {
"changed": true,
"checksum": "486fd6c75db47000b96d6eebb1654c30d5e9bc72",
"dest": "/data/nagios-3.5.1.tar.gz",
"gid": 0,
"group": "root",
"md5sum": "9947ed3d220b4da86710884260d42856",
"mode": "0644",
"owner": "root",
"size": 1763584,
"src": "/root/.ansible/tmp/ansible-tmp-1521010564.78-232268640712511/source",
"state": "file",
"uid": 0
}
4.2) file module:
Purpose: set the permissions of /soft (the dest used in the command below) on the [test] group nodes to 755, with owner and group root
Command: ansible test -m file -a "dest=/soft mode=755 owner=root group=root"
[root@Ansible data]# ansible test -m file -a "dest=/soft mode=755 owner=root group=root"
192.168.0.24 | SUCCESS => {
"changed": false,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/soft",
"size": 4096,
"state": "directory",
"uid": 0
}
192.168.0.151 | SUCCESS => {
"changed": false,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/soft",
"size": 4096,
"state": "directory",
"uid": 0
}
4.3) cron module:
Purpose: define a scheduled job on the [test] group nodes that syncs the time from an NTP server every 5 minutes
Command: ansible test -m cron -a 'name="#time sync by tony at 2018-01-29 " minute=*/5 hour=* day=* month=* weekday=* job="/usr/sbin/ntpdate pool.ntp.org >/dev/null 2>&1"'
[root@Ansible ~]# ansible test -m cron -a 'name="#time sync by tony at 2018-01-29 " minute=*/5 hour=* day=* month=* weekday=* job="/usr/sbin/ntpdate pool.ntp.org >/dev/null 2>&1"'
192.168.0.24 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"#time sync by tony at 2018-01-29 "
]
}
4.4) group module:
Purpose: create a group named steki with gid 2018 on the [test] group nodes
Command: ansible test -m group -a 'gid=2018 name=steki'
[root@Ansible data]# ansible test -m group -a 'gid=2018 name=steki'
192.168.0.24 | SUCCESS => {
"changed": true,
"gid": 2018,
"name": "steki",
"state": "present",
"system": false
}
192.168.0.151 | SUCCESS => {
"changed": true,
"gid": 2018,
"name": "steki",
"state": "present",
"system": false
}
4.5.1) user module:
Purpose: create a user named steki, with group steki, on the [test] group nodes
Command: ansible test -m user -a 'name=steki group=steki state=present'
[root@Ansible data]# ansible test -m user -a 'name=steki group=steki state=present'
192.168.0.24 | SUCCESS => {
"changed": true,
"comment": "",
"createhome": true,
"group": 2018,
"home": "/home/steki",
"name": "steki",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 501
}
192.168.0.151 | SUCCESS => {
"changed": true,
"comment": "",
"createhome": true,
"group": 2018,
"home": "/home/steki",
"name": "steki",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 501
}
4.5.2) Deleting a user:
Command: ansible test -m user -a 'name=tom group=tom state=absent remove=yes'
[root@Ansible data]# ansible test -m user -a 'name=tom group=tom state=absent remove=yes'
192.168.0.24 | SUCCESS => {
"changed": true,
"force": false,
"name": "tom",
"remove": true,
"state": "absent"
}
192.168.0.151 | SUCCESS => {
"changed": true,
"force": false,
"name": "tom",
"remove": true,
"state": "absent"
}
4.6) yum module:
Purpose: install nmap on the [test] group nodes
Command: ansible test -m yum -a "state=present name=nmap"
[root@Ansible data]# ansible test -m yum -a "state=present name=nmap"
192.168.0.151 | SUCCESS => {
"changed": false,
"msg": "",
"rc": 0,
"results": [
"2:nmap-5.51-6.el6.x86_64 providing nmap is already installed"
]
}
192.168.0.24 | SUCCESS => {
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: aliases, changelog, downloadonly, fastestmirror, kabi, presto,\n
: security, tmprepo, verify, versionlock\nLoading support for CentOS kernel ABI\nLoading mirror
speeds from cached hostfile\n * base: mirrors.aliyun.com\n * epel: mirror01.idc.hinet.net\n * extras:
mirrors.aliyun.com\n * updates: mirrors.aliyun.com\nSetting up Install
Process\nResolving Dependencies\n--> Running transaction check\n--->
Package nmap.x86_64 2:5.51-6.el6 will be installed\n-->
Finished Dependency Resolution\n\nDependencies Resolved\n\n
================================================================================\n Package
Arch Version Repository
Size\n================================================================================\nInstalling:\n nmap
x86_64 2:5.51-6.el6 base
2.8 M\n\nTransaction Summary\n================================================================================\nInstall
1 Package(s)\n\nTotal download size: 2.8 M\nInstalled size: 9.7 M\nDownloading Packages:\nSetting up and reading Presto
delta metadata\nProcessing delta metadata\nPackage(s) data still to download: 2.8 M\nRunning rpm_check_debug\nRunning
Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Installing : 2:nmap-5.51-6.el6.x86_64 1/1 \n\r Verifying : 2:nmap-5.51-6.el6.x86_64 1/1 \n\nInstalled:\n nmap.x86_64 2:5.51-6.el6 \n\nComplete!\n"
]
}
After installing software you usually need to start its service; you can use a command like the following:
[root@Ansible ~]# ansible 192.168.0.24 -m command -a '/etc/init.d/mysqld start'
4.7) service module:
Purpose: start the httpd service on the [test] group nodes and enable it at boot
Command: ansible test -m service -a 'name=httpd state=restarted enabled=yes'
[root@Ansible data]# ansible test -m service -a 'name=httpd state=restarted enabled=yes'
192.168.0.24 | SUCCESS => {
"changed": true,
"enabled": true,
"name": "httpd",
"state": "started"
}
192.168.0.151 | SUCCESS => {
"changed": true,
"enabled": true,
"name": "httpd",
"state": "started"
}
4.8) script module:
Purpose: run the script /root/a.sh on the [test] group nodes (the script is located on the Ansible control node)
Command: ansible test -m script -a '/root/a.sh'
4.9) ping module:
Purpose: check whether the machines in the [test] group are still reachable
Command: ansible test -m ping
[root@Ansible data]# ansible test -m ping
192.168.0.24 | SUCCESS => {
"changed": false,
"ping": "pong"
}
192.168.0.151 | SUCCESS => {
"changed": false,
"ping": "pong"
}
4.10) command module:
Purpose: run a command (here ifconfig) on the [test] group nodes.
Command: ansible test -m command -a 'ifconfig'
[root@Ansible ~]# ansible test -m command -a 'ifconfig'
192.168.0.24 | SUCCESS | rc=0 >>
eth0 Link encap:Ethernet HWaddr 00:0C:29:78:5F:F7
inet addr:192.168.0.24 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe78:5ff7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:357529 errors:0 dropped:0 overruns:0 frame:0
TX packets:29159 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:167617670 (159.8 MiB) TX bytes:2146356 (2.0 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:9 errors:0 dropped:0 overruns:0 frame:0
TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:612 (612.0 b) TX bytes:612 (612.0 b)
192.168.0.151 | SUCCESS | rc=0 >>
eth0 Link encap:Ethernet HWaddr 00:0C:29:4C:57:41
inet addr:192.168.0.151 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe4c:5741/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1957267 errors:0 dropped:0 overruns:0 frame:0
TX packets:968117 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:141562715 (135.0 MiB) TX bytes:1266001670 (1.1 GiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:31005 errors:0 dropped:0 overruns:0 frame:0
TX packets:31005 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4433126 (4.2 MiB) TX bytes:4433126 (4.2 MiB)
4.11) raw module:
Purpose: run the hostname command on the [test] group nodes
Command: ansible test -m raw -a 'hostname'
[root@Ansible ~]# ansible test -m raw -a 'hostname'
192.168.0.24 | SUCCESS | rc=0 >>
Ansible
192.168.0.151 | SUCCESS | rc=0 >>
Nagios-Server
Check whether service port 3306 is listening:
[root@Ansible ~]# ansible test -m raw -a "netstat -lntup |grep 3306"
192.168.0.151 | SUCCESS | rc=0 >>
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 9217/mysqld
192.168.0.24 | SUCCESS | rc=0 >>
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 33502/mysqld
4.12) get_url module:
Purpose: download the file http://192.168.0.22/download/cmake-2.8.8.tar.gz into the /data directory on the [test] group nodes
Command: ansible test -m get_url -a 'url=http://192.168.0.22/download/cmake-2.8.8.tar.gz dest=/data'
[root@Ansible ~]# ansible test -m get_url -a 'url=http://192.168.0.22/download/cmake-2.8.8.tar.gz dest=/data'
192.168.0.24 | SUCCESS => {
"changed": true,
"checksum_dest": null,
"checksum_src": "a74dfc3e0a0d7f857ac5dda03bb99ebf07676da1",
"dest": "/data/cmake-2.8.8.tar.gz",
"gid": 0,
"group": "root",
"md5sum": "ba74b22c788a0c8547976b880cd02b17",
"mode": "0644",
"msg": "OK (5691656 bytes)",
"owner": "root",
"size": 5691656,
"src": "/tmp/tmpGRtAis",
"state": "file",
"status_code": 200,
"uid": 0,
"url": "http://192.168.0.22/download/cmake-2.8.8.tar.gz"
}
192.168.0.151 | SUCCESS => {
"changed": true,
"checksum_dest": null,
"checksum_src": "a74dfc3e0a0d7f857ac5dda03bb99ebf07676da1",
"dest": "/data/cmake-2.8.8.tar.gz",
"gid": 0,
"group": "root",
"md5sum": "ba74b22c788a0c8547976b880cd02b17",
"mode": "0644",
"msg": "OK (5691656 bytes)",
"owner": "root",
"size": 5691656,
"src": "/tmp/tmpLdf_hW",
"state": "file",
"status_code": 200,
"uid": 0,
"url": "http://192.168.0.22/download/cmake-2.8.8.tar.gz"
}
When it finishes, check the downloaded file:
[root@Ansible ~]# ansible test -m command -a 'ls /data'
4.13) synchronize module
Purpose: push the /data/soft directory on the control node into the /tmp directory on the specified nodes
Command: ansible test -m synchronize -a 'src=/data/soft dest=/tmp/ compress=yes'
delete=yes makes the contents of both sides identical (the pushing side is authoritative)
compress=yes enables compression (on by default)
rsync_opts=--exclude=.git passes --exclude=.git to rsync, which skips files ending in .git
[root@Ansible ~]# ansible test -m synchronize -a 'src=/data/soft dest=/tmp/ compress=yes'
192.168.0.24 | SUCCESS => {
"changed": true,
"cmd": "/usr/bin/rsync --delay-updates -F --compress --archive --rsh=/usr/bin/ssh -S none -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null --out-format=<<CHANGED>>%i %n%L /data/soft 192.168.0.24:/tmp/",
"msg": "cd+++++++++ soft/\n<f+++++++++ soft/Class-Accessor-0.31.tar.gz\n<f+++++++++ soft/Config-Tiny-2.12.tar.gz\n<f+++++++++ soft/Math-Calc-Units-1.07.tar.gz\n<f+++++++++ soft/Nagios-Plugin-0.34.tar.gz\n<f+++++++++ soft/Params-Validate-0.91.tar.gz\n<f+++++++++ soft/Regexp-Common-2010010201.tar.gz\n<f+++++++++ soft/check_iostat\n<f+++++++++ soft/check_memory.pl\n<f+++++++++ soft/check_mysql\n<f+++++++++ soft/libart_lgpl-2.3.17.tar.gz\n<f+++++++++ soft/nagios-3.5.1.tar.gz\n<f+++++++++ soft/nagios-plugins-1.4.16.tar.gz\n<f+++++++++ soft/nrpe-2.12.tar.gz\n<f+++++++++ soft/pnp-0.4.14.tar.gz\n<f+++++++++ soft/rrdtool-1.2.14.tar.gz\n",
"rc": 0,
"stdout_lines": [
"cd+++++++++ soft/",
"<f+++++++++ soft/Class-Accessor-0.31.tar.gz",
"<f+++++++++ soft/Config-Tiny-2.12.tar.gz",
"<f+++++++++ soft/Math-Calc-Units-1.07.tar.gz",
"<f+++++++++ soft/Nagios-Plugin-0.34.tar.gz",
"<f+++++++++ soft/Params-Validate-0.91.tar.gz",
"<f+++++++++ soft/Regexp-Common-2010010201.tar.gz",
"<f+++++++++ soft/check_iostat",
"<f+++++++++ soft/check_memory.pl",
"<f+++++++++ soft/check_mysql",
"<f+++++++++ soft/libart_lgpl-2.3.17.tar.gz",
"<f+++++++++ soft/nagios-3.5.1.tar.gz",
"<f+++++++++ soft/nagios-plugins-1.4.16.tar.gz",
"<f+++++++++ soft/nrpe-2.12.tar.gz",
"<f+++++++++ soft/pnp-0.4.14.tar.gz",
"<f+++++++++ soft/rrdtool-1.2.14.tar.gz"
]
}
192.168.0.151 | SUCCESS => {
"changed": true,
"cmd": "/usr/bin/rsync --delay-updates -F --compress --archive --rsh=/usr/bin/ssh -S none -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null --out-format=<<CHANGED>>%i %n%L /data/soft 192.168.0.151:/tmp/",
"msg": "cd+++++++++ soft/\n<f+++++++++ soft/Class-Accessor-0.31.tar.gz\n<f+++++++++ soft/Config-Tiny-2.12.tar.gz\n<f+++++++++ soft/Math-Calc-Units-1.07.tar.gz\n<f+++++++++ soft/Nagios-Plugin-0.34.tar.gz\n<f+++++++++ soft/Params-Validate-0.91.tar.gz\n<f+++++++++ soft/Regexp-Common-2010010201.tar.gz\n<f+++++++++ soft/check_iostat\n<f+++++++++ soft/check_memory.pl\n<f+++++++++ soft/check_mysql\n<f+++++++++ soft/libart_lgpl-2.3.17.tar.gz\n<f+++++++++ soft/nagios-3.5.1.tar.gz\n<f+++++++++ soft/nagios-plugins-1.4.16.tar.gz\n<f+++++++++ soft/nrpe-2.12.tar.gz\n<f+++++++++ soft/pnp-0.4.14.tar.gz\n<f+++++++++ soft/rrdtool-1.2.14.tar.gz\n",
"rc": 0,
"stdout_lines": [
"cd+++++++++ soft/",
"<f+++++++++ soft/Class-Accessor-0.31.tar.gz",
"<f+++++++++ soft/Config-Tiny-2.12.tar.gz",
"<f+++++++++ soft/Math-Calc-Units-1.07.tar.gz",
"<f+++++++++ soft/Nagios-Plugin-0.34.tar.gz",
"<f+++++++++ soft/Params-Validate-0.91.tar.gz",
"<f+++++++++ soft/Regexp-Common-2010010201.tar.gz",
"<f+++++++++ soft/check_iostat",
"<f+++++++++ soft/check_memory.pl",
"<f+++++++++ soft/check_mysql",
"<f+++++++++ soft/libart_lgpl-2.3.17.tar.gz",
"<f+++++++++ soft/nagios-3.5.1.tar.gz",
"<f+++++++++ soft/nagios-plugins-1.4.16.tar.gz",
"<f+++++++++ soft/nrpe-2.12.tar.gz",
"<f+++++++++ soft/pnp-0.4.14.tar.gz",
"<f+++++++++ soft/rrdtool-1.2.14.tar.gz"
]
}
When it finishes, check the files you pushed:
[root@Ansible ~]# ansible test -m command -a 'ls /tmp'
192.168.0.24 | SUCCESS | rc=0 >>
ansible_88QywI
soft
192.168.0.151 | SUCCESS | rc=0 >>
ansible_lFLfGd
soft
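
The copy run in 4.1 and the get_url run in 4.12 both print a SHA-1 for every host (the "checksum" and "checksum_src" fields). The Python script below is an added example, not part of the original post: it parses ad-hoc output of that form and reports every host that failed or whose digest differs from the one computed on the control node. The sample payload, the all-zero digest and host 192.168.0.99 are constructed for the demonstration.

```python
import hashlib
import json
import re

# A result starts with "host | STATUS => {" (failures print "FAILED!" / "UNREACHABLE!").
HEADER = re.compile(r"(\S+) \| (\w+)!? => (?=\{)")

def parse_adhoc(text):
    """Return {host: (status, result_dict)} from `ansible <group> -m <module>` output."""
    decoder = json.JSONDecoder()
    results = {}
    for m in HEADER.finditer(text):
        # raw_decode reads exactly one JSON object, pretty-printed or flattened.
        obj, _ = decoder.raw_decode(text, m.end())
        results[m.group(1)] = (m.group(2), obj)
    return results

def verify(text, expected_sha1):
    """Return {host: problem} for every host whose transfer cannot be trusted."""
    problems = {}
    for host, (status, res) in parse_adhoc(text).items():
        # copy reports "checksum"; get_url reports "checksum_src" (both SHA-1).
        digest = res.get("checksum") or res.get("checksum_src")
        if status != "SUCCESS":
            problems[host] = "%s: %s" % (status, res.get("msg", ""))
        elif digest != expected_sha1:
            problems[host] = "sha1 mismatch: %s" % digest
    return problems

# Constructed sample: the digest the control node computes for its own file ...
PAYLOAD = b"constructed sample archive\n"
GOOD = hashlib.sha1(PAYLOAD).hexdigest()
# ... and constructed ad-hoc output: one good host, one bad digest, one unreachable.
SAMPLE = """192.168.0.24 | SUCCESS => {
    "changed": true,
    "checksum": "%s",
    "dest": "/data/nagios-3.5.1.tar.gz"
}
192.168.0.151 | SUCCESS => {
    "changed": true,
    "checksum": "%s",
    "dest": "/data/nagios-3.5.1.tar.gz"
}
192.168.0.99 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh",
    "unreachable": true
}
""" % (GOOD, "0" * 40)

if __name__ == "__main__":
    for host, problem in sorted(verify(SAMPLE, GOOD).items()):
        print(host, "->", problem)
```

In real use, compute the expected digest from the file on the control node (or take it from the publisher of the download) and feed the captured ansible output to verify().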