一、简介
特点:
基于pyton开放
分布式,不需要客户端,最大优势。
轻量级
二、ansible基本构成
1、核心模块:自带的模块
2、扩展模块:可以添加的模块
3、插件(plugins)完成模块功能的补充
4、剧本(playbooks):配置文件,由ansible自动执行
5、主机群(host invertory):定义管理的主机
三、安装ansible
[root@ms.dtedu.com~]$yum install ansible -y
[root@ms.dtedu.com~]$rpm -ql ansible
/etc/ansible
/etc/ansible/ansible.cfg
/etc/ansible/hosts
/etc/ansible/roles
/usr/bin/ansible
/usr/bin/ansible-console
/usr/bin/ansible-doc
/usr/bin/ansible-galaxy
/usr/bin/ansible-playbook
/usr/bin/ansible-pull
/usr/bin/ansible-vault
四、命令详解
常用参数:
-u remote_user:指定远程主机用户名,默认是root
-i :指定主机清单,默认是/etc/ansible/hosts文件
-m moudule_name:指定模块名称,默认是command模块。
-a module_args:指定模块参数
五、主机清单的配置方法
1、定义组名:用来将多个主机分组管理,组名用中括号括起来
2、定义主机名:可以使用ip地址,域名,连续主机,比如test[1:3].dtedu.com,相当于test1.dtedu.com test2.dtedu.com test3.dtedu.com
3、指定远程主机的用户名:此种适用于远程主机名不同的情况,但是密码是相同的,如果也不同,建议使用ssh-keygen进行证书认证。
4、指定远程主机的ssh端口
5、跳过首次登陆时,输入yes/no信息。
6、多组间可以实现嵌套,比如[mfs children]
[dtedu]
10.40.0.[220:230]
node[5:6].dtedu.com ansible_ssh_user=dtedu ansible_ssh_port=3242 host_key_checking=false
六、ansible的常见模块
1、查看ansible加载的常见模块
[root@ms.dtedu.com~]$ansible-doc -l
a10_server Manage A10 Networks AX/SoftAX/Thunder/vTh...
a10_service_group Manage A10 Networks devices' service grou...
a10_virtual_server Manage A10 Networks devices' virtual serv...
acl Sets and retrieves file ACL information.
add_host add a host (and alternatively a group) to...
airbrake_deployment Notify airbrake about app deployments
alternatives Manages alternative programs for common c...
apache2_mod_proxy Set and/or get members' attributes of an
查看模块常用选项:
[root@ms.dtedu.com~]$ansible-doc -s command
- name: Executes a command on a remote node
action: command
chdir # cd into this directory before running the command
creates # a filename or (since 2.0) glob pattern, when it
already exists,
this step will
*not* be run.
executable # change the shell used to execute the command.
Should be an
absolute path to
the executable.
free_form= # the command module takes a free form command to
run. There is no
1.1 setup模块
用来收集客户端详细信息
[root@ms.dtedu.com~]$ansible all -m setup
node5.dtedu.com | SUCCESS => {
"ansible_facts": {
"ansible_all_ipv4_addresses": [
"10.40.0.225",
"192.168.1.23"
],
"ansible_all_ipv6_addresses": [],
"ansible_architecture": "x86_64",
"ansible_bios_date": "07/02/2015",
"ansible_bios_version": "6.00",
"ansible_cmdline": {
"KEYBOARDTYPE": "pc",
"KEYTABLE": "us",
"LANG": "en_US.UTF-8",
"SYSFONT": "latarcyrheb-sun16",
"crashkernel": "129M@0M",
"quiet": true,
"rd_LVM_LV": "VolGroup/lv_root",
"rd_NO_DM": true,
"rd_NO_LUKS": true,
"rd_NO_MD": true,
"rhgb": true,
"ro": true,
"root": "/dev/mapper/VolGroup-lv_root"
},
"ansible_date_time": {
"date": "2017-04-06",
"day": "06",
"epoch": "1491503092",
"hour": "14",
"iso8601": "2017-04-06T18:24:52Z",
"iso8601_basic": "20170406T142452605752",
"iso8601_basic_short": "20170406T142452",
"iso8601_micro": "2017-04-06T18:24:52.605910Z",
"minute": "24",
"month": "04",
1.2 ping模块
检查目的主机是否存活。
root@ms.dtedu.com~]$ansible all -m ping
node5.dtedu.com | SUCCESS => {
"changed": false,
"ping": "pong"
}
node6.dtedu.com | SUCCESS => {
"changed": false,
"ping": "pong"
}
1.3 file模块
file模块包含的选项:
force:创建软连接,适用情况有两种:
1.3.1源文件不存在,但稍后会建立的情况。
1.3.2目的软连接已经存在了,需要先删除以前的软连接,再重新创建的情况。
group:定义文件(目录)的属组
mode:定义文件(目录)的权限
owner:定义文件(目录)的属主
path:定义文件(目录)的位置 ,不需存在
recurse:递归有效
src:被链接的源
dest:链接的目的路径
state:状态
directory:如果目录不存在,就创建
file:即使文件不存在也不会创建
link:软连接
hard:硬链接
touch,不存在就创建
absent:删除链接文件
创建硬链接文件
[root@ms.dtedu.com~]$ansible all -m file -a "src=/root/install.log dest=/tmp/new.log state=hard "
node5.dtedu.com | SUCCESS => {
"changed": false,
"dest": "/tmp/new.log",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 17,
"src": "/root/install.log",
"state": "link",
"uid": 0
}
删除链接文件
[root@ms.dtedu.com~]$ansible all -m file -a "path=/tmp/new.log state=absent "
node6.dtedu.com | SUCCESS => {
"changed": true,
"path": "/tmp/new.log",
"state": "absent"
}
创建文件,目录,并属主属组属性
[root@ms.dtedu.com~]$ansible all -m file -a "path=/tmp/111 state=directory group=mysql owner=mysql"
node5.dtedu.com | SUCCESS => {
"changed": false,
"gid": 306,
"group": "mysql",
"mode": "0755",
"owner": "mysql",
"path": "/tmp/111",
"size": 4096,
"state": "directory",
"uid": 306
[root@ms.dtedu.com~]$ansible all -m file -a "path=/tmp/123 state=touch"
node5.dtedu.com | SUCCESS => {
"changed": false,
"gid": 306,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/tmp/123",
"size": 4096,
"state": "file",
"uid": 306
1.4 copy模块
用于将管理主机上的文件复制到远程主机上。
常用选项
backup:在覆盖远程主机文件之前是否进行备份,yes/no
content:用来替代“src”,可以设定指定文件的值,文件包含的内容。
src:功能类似rsync的路径指定,路径可以是绝对路径,也可是相对路径,默认递归复制目录下的所以内容,如果路径结尾有”/“,则只复制目录里面的内容,如果没有“/”,则可以复制整个目录及目录里面的内容。
dest:指定复制的目的路径
[root@ms.dtedu.com~]$ansible all -m copy -a "src=/root/ipvsadm-DR-director.sh dest=/tmp/ backup=yes owner=mysql group=mysql"
node6.dtedu.com | SUCCESS => {
"changed": false,
"checksum": "d89ca93fa272340e62ef2728ada5a3ae33cf6141",
"dest": "/tmp/ipvsadm-DR-director.sh",
"gid": 306,
"group": "mysql",
"mode": "0644",
"owner": "mysql",
"path": "/tmp/ipvsadm-DR-director.sh",
"secontext": "unconfined_u:object_r:admin_home_t:s0",
"size": 1607,
"state": "file",
"uid": 306
}
[root@node5.dtedu.com /tmp]# ll
total 36
drwxr-xr-x. 2 mysql mysql 4096 Apr 6 14:53 111
-rw-r--r--. 1 root root 0 Apr 6 14:54 123
-rw-------. 1 root root 100 Mar 31 22:08 crontab.3O6fYJ
-rw-r--r--. 1 mysql mysql 1607 Apr 6 15:27 ipvsadm-DR-director.sh
1.5 command模块,shell模块基本和command模块相似,只多了一个管道命令。“|”
在远程主机上执行shell命令
常用选项:
creates:判断一个文件是否存在,通常作为执行下一条命令的条件语句使用,表示如果文件存在,则命令不执行。
removes:判断一个文件是否存在,通常作为执行下一条命令的条件语句使用,表示如果文件不存在,则不执行。
chdir:执行命令前,先进入指定目录
样例:
1、如果/tmp/123文件存在,就删除它。
[root@ms.dtedu.com~]$ansible all -m command -a "removes=/tmp/123 rm -rf /tmp/123"
node6.dtedu.com | SUCCESS | rc=0 >>
node5.dtedu.com | SUCCESS | rc=0 >>
2、对/tmp/目录下的所以文件进行归档,归档前先进入目录
[root@ms.dtedu.com~]$ansible all -a "chdir=/tmp tar -zcf 1.tar yum.log"
node6.dtedu.com | SUCCESS | rc=0 >>
node5.dtedu.com | SUCCESS | rc=0 >>
1.6、service模块
用于管理服务
常用选项:
argument:给命令提供一个选项
enabled:开机是否启动服务 yes/no
name:服务的名称
pattern:
runlevel:服务运行级别
sleep:服务在重启时,等待时间
state:服务执行的操作,started、stopped、restarted、reloaded
远程开启httpd服务,要求开机自动启动,重启等待4秒,启动级别为5
[root@ms.dtedu.com~]$ansible all -m service -a "name=httpd state=restarted sleep=4 enabled=yes runlevel=5"
node5.dtedu.com | SUCCESS => {
"changed": true,
"enabled": true,
"name": "httpd",
"state": "started"
}
1.7 cron模块
用于管理远程主机的计划任务
backup:是否备份远程主机的计划任务
cron_file:如果指定此选项则替换远程主机上cron.d目录下的原有计划任务
day:日
hour:小时
minute:分钟
month:月
weekday:周(1-7)
job:要执行的任务,依赖于state=present
name:任务描述
special_time:指定什么时候执行,reboot,yearly,monthly、weekly、daily、hourly
state:任务计划是创建还是删除,touch,absent。
user:执行任务的用户
样例:默认是在原有计划任务中追加条目,前提是name名称不同。
1、每个时间的01分时显示用户的家目录。
[root@ms.dtedu.com~]$ansible all -m cron -a "minute=1 user=root job='/bin/ls' name='test' "
node5.dtedu.com | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"test"
]
}
客户端信息
[root@node5.dtedu.com /tmp]# crontab -l
* */20 * * * /usr/sbin/ntpdate 0.asia.pool.ntp.org
* */20 * * * /usr/sbin/ntpdate 1.cn.pool.ntp.org
#Ansible: test
*/1 * * * * /bin/ls /tmp
2、每隔1分钟显示用户的/tmp目录
[root@ms.dtedu.com~]$ansible all -m cron -a "minute=*/1 user=root job='/bin/ls /tmp' name='test' "
node6.dtedu.com | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"test"
]
}
[root@node5.dtedu.com /tmp]# crontab -l
* */20 * * * /usr/sbin/ntpdate 0.asia.pool.ntp.org
* */20 * * * /usr/sbin/ntpdate 1.cn.pool.ntp.org
#Ansible: test
@weekly /bin/ls
3、删除一条计划任务,如果事先有命名说明,可以直接指定名字。
[root@ms.dtedu.com~]$ansible all -m cron -a " name='test1' state=absent"
node6.dtedu.com | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"test"
]
}
1.8 filesystem模块
在块设备上创建文件系统
选项:
dev:指定块设备
force:在一个已有文件系统的块设备上强制重建
fsystem:指定文件系统类型
opts:传递给mkfs命令的参数
1.9 yum模块
使用yum安装软件
选项:
config_file:yum的配置文件
disable_gpg_check:关闭gpg_check检测
disablerepo:关闭指定的yum仓库
enablerepo:开启指定的yum仓库
name:要进行安装的软件包名称,也可以传递一个url或者本地(管理服务器)的rpm包的路径
state:状态,present | installed(创建),absent(删除),latest(更新)
安装软件包
[root@ms.dtedu.com~]$ansible all -m yum -a "name=nmap state=installed "
node5.dtedu.com | SUCCESS => {
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror, refresh-packagekit\nSetting up Install Process\nLoading mirror speeds from cached hostfile\n * base: mirror.bit.edu.cn\n * epel: mirrors.tuna.tsinghua.edu.cn\n * extras: mirror.bit.edu.cn\n * updates: mirrors.tuna.tsinghua.edu.cn\nResolving Dependencies\n--> Running transaction check\n---> Package nmap.x86_64 2:5.51-6.el6 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n nmap x86_64 2:5.51-6.el6 base 2.8 M\n\nTransaction Summary\n================================================================================\nInstall 1 Package(s)\n\nTotal download size: 2.8 M\nInstalled size: 9.7 M\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Installing : 2:nmap-5.51-6.el6.x86_64 1/1 \n\r Verifying : 2:nmap-5.51-6.el6.x86_64 1/1 \n\nInstalled:\n nmap.x86_64 2:5.51-6.el6 \n\nComplete!\n"
]
}
安装软件包组,需要在包组前加@
[root@ms.dtedu.com~]$ansible all -m yum -a "name=@Emacs state=installed "
node6.dtedu.com | SUCCESS => {
"changed": true,
"msg": "",
"rc": 0,
"results": [
"Loaded plugins: fastestmirror, refresh-packagekit\nSetting up Install Process\nLoading mirror speeds from cached hostfile\n * base: mirrors.tuna.tsinghua.edu.cn\n * epel: mirrors.tuna.tsinghua.edu.cn\n * extras: mirrors.tuna.tsinghua.edu.cn\n * updates: mirror.bit.edu.cn\nResolving Dependencies\n--> Running transaction check\n---> Package emacs.x86_64 1:23.1-28.el6 will be installed\n--> Processing Dependency: emacs-common = 1:23.1-28.el6 for package: 1:emacs-23.1-28.el6.x86_64\n--> Processing Dependency: m17n-db-datafiles for package: 1:emacs-23.1-28.el6.x86_64\n--> Processing Dependency: libotf.so.0()(64bit) for package: 1:emacs-23.1-28.el6.x86_64\n--> Processing Dependency: libm17n-flt.so.0()(64bit) for package: 1:emacs-23.1-28.el6.x86_64\n--> Processing Dependency: libm17n-core.so.0()(64bit) for package: 1:emacs-23.1-28.el6.x86_64\n--> Processing Dependency: libXpm.so.4()(64bit) for package: 1:emacs-23.1-28.el6.x86_64\n--> Running transaction check\n---> Package emacs-common.x86_64 1:23.1-28.el6 will be installed\n---> Package libXpm.x86_64 0:3.5.10-2.el6 will be installed\n---> Package libotf.x86_64 0:0.9.9-3.1.el6 will be installed\n--> Processing Dependency: libXaw.so.7()(64bit) for package: libotf-0.9.9-3.1.el6.x86_64\n---> Package m17n-db-datafiles.noarch 0:1.5.5-1.1.el6 will be installed\n--> Processing Dependency: m17n-db = 1.5.5-1.1.el6 for package: m17n-db-datafiles-1.5.5-1.1.el6.noarch\n---> Package m17n-lib.x86_64 0:1.5.5-2.el6_1.1 will be installed\n--> Running transaction check\n---> Package libXaw.x86_64 0:1.0.11-2.el6 will be installed\n---> Package m17n-db.noarch 0:1.5.5-1.1.el6 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n emacs x86_64 1:23.1-28.el6 base 2.2 M\nInstalling for dependencies:\n emacs-common x86_64 1:23.1-28.el6 base 18 M\n libXaw x86_64 1.0.11-2.el6 base 178 k\n libXpm x86_64 3.5.10-2.el6 base 51 k\n libotf x86_64 0.9.9-3.1.el6 base 80 k\n m17n-db noarch 1.5.5-1.1.el6 base 41 k\n m17n-db-datafiles noarch 1.5.5-1.1.el6 base 717 k\n m17n-lib x86_64 1.5.5-2.el6_1.1 base 157 k\n\nTransaction Summary\n================================================================================\nInstall 8 Package(s)\n\nTotal download size: 22 M\nInstalled size: 73 M\nDownloading Packages:\n--------------------------------------------------------------------------------\nTotal 3.6 MB/s | 22 MB 00:05 \nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Installing : libXpm-3.5.10-2.el6.x86_64 1/8 \n\r Installing : m17n-db-1.5.5-1.1.el6.noarch 2/8 \n\r Installing : m17n-db-datafiles-1.5.5-1.1.el6.noarch 3/8 \n\r Installing : m17n-lib-1.5.5-2.el6_1.1.x86_64 4/8 \n\r Installing : libXaw-1.0.11-2.el6.x86_64 5/8 \n\r Installing : libotf-0.9.9-3.1.el6.x86_64 6/8 \n\r Installing : 1:emacs-common-23.1-28.el6.x86_64 7/8 \n\r Installing : 1:emacs-23.1-28.el6.x86_64 8/8 \n\r Verifying : m17n-db-datafiles-1.5.5-1.1.el6.noarch 1/8 \n\r Verifying : libotf-0.9.9-3.1.el6.x86_64 2/8 \n\r Verifying : m17n-db-1.5.5-1.1.el6.noarch 3/8 \n\r Verifying : 1:emacs-23.1-28.el6.x86_64 4/8 \n\r Verifying : libXpm-3.5.10-2.el6.x86_64 5/8 \n\r Verifying : m17n-lib-1.5.5-2.el6_1.1.x86_64 6/8 \n\r Verifying : 1:emacs-common-23.1-28.el6.x86_64 7/8 \n\r Verifying : libXaw-1.0.11-2.el6.x86_64 8/8 \n\nInstalled:\n emacs.x86_64 1:23.1-28.el6 \n\nDependency Installed:\n emacs-common.x86_64 1:23.1-28.el6 libXaw.x86_64 0:1.0.11-2.el6 \n libXpm.x86_64 0:3.5.10-2.el6 libotf.x86_64 0:0.9.9-3.1.el6 \n m17n-db.noarch 0:1.5.5-1.1.el6 m17n-db-datafiles.noarch 0:1.5.5-1.1.el6 \n m17n-lib.x86_64 0:1.5.5-2.el6_1.1 \n\nComplete!\n"
]
}