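Introduction to Ansible:
Ansible is a relatively new automation tool for operations work. It is written in Python and combines the strengths of many earlier operations tools (puppet, cfengine, chef, func, fabric), providing batch system configuration, batch program deployment, batch command execution and similar functions.
Ansible works through modules and has no batch deployment capability of its own. The modules that Ansible runs are what actually do the batch deployment; Ansible only provides the framework. It mainly consists of:
(1) Connection plugins: responsible for communicating with the managed hosts;
(2) Host inventory: specifies the hosts to operate on; it is a configuration file in which the managed hosts are defined;
(3) Modules of various kinds: core modules, the command module, custom modules;
(4) Plugins that provide logging, email and similar functions;
(5) Playbook: used when several tasks are to be executed; it is optional and lets a node run multiple tasks in one go.
Ansible performs configuration management, application deployment, task execution and similar functions over SSH. It is recommended to configure the Ansible control host to reach each managed node with key-based authentication.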
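- -m module  specifies the module; the default is command
- -v  verbose output; -vv and -vvv give more detail
- --list-hosts  show the list of hosts; can be abbreviated to --list
- -k, --ask-pass  prompt for the SSH connection password; key authentication is the default
- -C, --check  check only, do not execute
- -T, --timeout=TIMEOUT  timeout for running the command
- -u, --user=REMOTE_USER  user to run as on the remote host
- -b, --become  replaces the sudo switch of older versions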
Install Ansible
$ yum install -y epel-release
$ yum install -y ansible
Set up key-based trust (not demonstrated here)
Define a host group
$ vim /etc/ansible/hosts
[testhost]
128.199.233.164
Create the te directory on the client machine
$ ansible all -m file -a 'name=/opt/sh/te state=directory'
128.199.133.53 | CHANGED => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/opt/sh/te",
"size": 6,
"state": "directory",
"uid": 0
}
Run a remote command (Ansible module: command)
# Single machine
$ ansible 128.199.233.164 -m command -a 'hostname'
128.199.233.164 | CHANGED | rc=0 >>
sasha-lab.net
# Host group
$ ansible testhost -m command -a 'hostname'
128.199.233.164 | CHANGED | rc=0 >>
sasha-lab.net
Note: -m specifies the module Ansible should call; -a specifies the actual command
Ansible module: shell
$ ansible testhost -m shell -a 'cat /etc/passwd|grep root'
128.199.233.164 | CHANGED | rc=0 >>
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin
Note: the difference between the command module and the shell module is that the shell module supports the pipe character and scripts
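The practical consequence of that difference, as an added example that is not part of the original post: shell hands the whole string to /bin/sh, so shell metacharacters inside a variable are interpreted, while command starts no shell at all. The variable name_filter and its value are constructed for illustration; testhost is the group defined above.

```yaml
---
# Added example, not part of the original post.
# name_filter is a hypothetical variable standing in for any value that
# reaches the playbook from outside (extra-vars, inventory, a lookup).
- hosts: testhost
  remote_user: root
  vars:
    name_filter: "root; echo INTERPRETED_BY_SHELL"  # constructed sample value
  tasks:
    # Weak: the value is pasted into a /bin/sh command line, so the ';'
    # ends the grep and the remainder runs as a second command.
    - name: shell with an unquoted variable (avoid)
      shell: "cat /etc/passwd | grep {{ name_filter }}"
      register: weak
      changed_when: false
      failed_when: false

    # command starts no shell; argv hands the whole value to grep as one
    # argument, so it is only a search pattern that matches nothing.
    - name: command with argv
      command:
        argv: ["grep", "--", "{{ name_filter }}", "/etc/passwd"]
      register: by_argv
      changed_when: false
      failed_when: by_argv.rc > 1  # grep returns 1 for "no match"

    # When a pipe is really needed, keep shell but quote every variable
    # and set pipefail so a failure left of the pipe is not hidden.
    - name: shell with a pipe and a quoted variable
      shell: "set -o pipefail && cat /etc/passwd | grep -- {{ name_filter | quote }}"
      args:
        executable: /bin/bash
      register: piped
      changed_when: false
      failed_when: piped.rc > 1

    - name: compare the output of the three variants
      debug:
        msg:
          - "weak:  {{ weak.stdout_lines }}"
          - "argv:  {{ by_argv.stdout_lines }}"
          - "piped: {{ piped.stdout_lines }}"
```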
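Copying files or directories with Ansible: the copy module
Note: the source file or directory is placed under the destination directory. src is the source path, dest is the destination path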
$ ansible testhost -m copy -a "src=/tmp/test.txt dest=/tmp/testdir/ owner=root group=root mode=0644"
128.199.233.164 | CHANGED => {
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/tmp/testdir/test.txt",
"gid": 0,
"group": "root",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"mode": "0644",
"owner": "root",
"size": 0,
"src": "/root/.ansible/tmp/ansible-tmp-1552902668.46-70704035941456/source",
"state": "file",
"uid": 0
}
# Client machine
$ ll /tmp/testdir/test.txt
-rw-r--r-- 1 root root 0 Mar 18 09:51 /tmp/testdir/test.txt
Scheduled tasks with Ansible
$ ansible asiahost -m cron -a "name='test cron' job='/bin/touch /tmp/110.txt' weekday=6"
159.89.196.125 | CHANGED => {
"changed": true,
"envs": [],
"jobs": [
"test cron"
]
}
# Client machine
$ crontab -l
#Ansible: test cron
* * * * 6 /bin/touch /tmp/110.txt
Time parameters: minute, hour, day, month
Delete the scheduled task:
Just add the parameter "state=absent"
$ ansible asiahost -m cron -a "name='test cron' job='/bin/touch /tmp/110.txt' weekday=6 state=absent"
128.199.133.53 | CHANGED => {
"changed": true,
"envs": [],
"jobs": []
}
List all modules:
$ ansible-doc -l
View the parameters of a given module:
$ ansible-doc cron
ansible playbook
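Note: a playbook amounts to writing the module calls into a configuration file, then running that file on its own to automate the operation
vim touch.yml
---
- hosts: 139.162.10.154
  remote_user: root
  tasks:
    - name: testfile
      shell: touch /tmp/test.txt
# Run it
$ ansible-playbook touch.yml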
PLAY [139.162.10.154] *****************************************************************************************************
TASK [Gathering Facts] ****************************************************************************************************
ok: [139.162.10.154]
TASK [testfile] ***********************************************************************************************************
[WARNING]: Consider using the file module with state=touch rather than running 'touch'. If you need to use command
because file is insufficient you can add 'warn: false' to this command task or set 'command_warnings=False' in ansible.cfg
to get rid of this message.
changed: [139.162.10.154]
PLAY RECAP ****************************************************************************************************************
139.162.10.154 : ok=2 changed=1 unreachable=0 failed=0
# Check the client machine
$ ll /tmp/
total 0
-rw-r--r--. 1 root root 0 Mar 19 10:25 test.txt
Sync nginx configuration files to multiple servers
---
- hosts: asiahost
  remote_user: root
  tasks:
    - name: cp nginx conf
      copy: src=/usr/local/nginx/conf/vhost/ dest=/usr/local/nginx/conf/vhost/
    - name: restart nginx
      shell: /usr/local/nginx/sbin/nginx -s reload
Add and remove users
- hosts: rmroot
  vars:
    access_user:
      - { name: 'www' ,key: '/home/anna/.ssh/id_rsa.pub' }
      #- { name: 'test' ,key: '/home/anna/.ssh/id_rsa.pub' }
    delete_user:
      - { name: 'test5' ,key: '/home/anna/.ssh/id_rsa.pub' }
    group_name: test_ansible
  tasks:
    - name: create group
      group:
        name: "{{ group_name }}"
        state: present
    - name: create user
      user:
        name: "{{ item.name }}"
        shell: /bin/bash
        #group: "{{ group_name }}"
        groups: "{{ group_name }}"
        createhome: yes
        #home: /home/{{ user_name }}
        #expires: "{{ expire }}"
        state: present
      with_items: "{{ access_user }}"
    - name: add key
      authorized_key:
        user: "{{ item.name }}"
        # Pass item.key to the lookup directly; moustaches must not be nested.
        key: "{{ lookup('file', item.key) }}"
        state: present
      with_items: "{{ access_user }}"
    - name: delete user
      user:
        name: "{{ item.name }}"
        state: absent
      with_items: "{{ delete_user }}"
    - name: sudo
      lineinfile:
        dest: /etc/sudoers
        state: present
        regexp: '^%{{ group_name }}'
        line: '%{{ group_name }} ALL=(ALL) NOPASSWD: /usr/local/php/bin/php,/usr/bin/crontab -l,/usr/bin/su - www,/usr/bin/git,/usr/bin/systemctl,!/usr/bin/su - root'
Note: this playbook automatically adds and removes users (adding them to a user group) and sets their privileges, which makes user management easier for operations staff
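A variant of the sudo task above, as an added example rather than the post's own code: the rule goes into a drop-in file and visudo checks the syntax before the file is installed, so a malformed line cannot break sudo on every host in the group. The drop-in path, the sudo_rule variable and the /usr/sbin/visudo location are assumptions.

```yaml
---
# Added example, not part of the original post.
# Assumptions: /etc/sudoers already contains '#includedir /etc/sudoers.d'
# (the CentOS default) and the drop-in file is named after the group.
- hosts: rmroot
  vars:
    group_name: test_ansible
    # Same rule as in the post, kept verbatim. Review it before reuse:
    # php, git and systemctl can start other programs, so NOPASSWD access
    # to them is close to full root, and the trailing '!' entry does not
    # take anything away from them.
    sudo_rule: >-
      %{{ group_name }} ALL=(ALL) NOPASSWD:
      /usr/local/php/bin/php,/usr/bin/crontab -l,/usr/bin/su - www,/usr/bin/git,/usr/bin/systemctl,!/usr/bin/su - root
  tasks:
    # validate runs visudo on a temporary copy; the real file is only
    # replaced when the check succeeds.
    - name: install the rule as a drop-in, syntax-checked first
      copy:
        dest: "/etc/sudoers.d/{{ group_name }}"
        content: "{{ sudo_rule }}\n"
        owner: root
        group: root
        mode: "0440"
        validate: "/usr/sbin/visudo -cf %s"

    - name: remove the old line from /etc/sudoers, also validated
      lineinfile:
        dest: /etc/sudoers
        regexp: '^%{{ group_name }}\s'
        state: absent
        validate: "/usr/sbin/visudo -cf %s"

    - name: confirm the complete sudoers configuration still parses
      command: /usr/sbin/visudo -c
      changed_when: false
```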
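ansible script (run a script)
Note: the traditional way to run a script is to sync it to every machine first and then execute it through Ansible; with the script module no sync is needed.
# Test script
vim test.sh
#!/bin/bash
hostname
# Run the ansible command
$ ansible all -m script -a '/opt/sh/test.sh'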
159.89.196.125 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 159.89.196.125 closed.\r\n",
"stderr_lines": [
"Shared connection to 159.89.196.125 closed."
],
"stdout": "sasha-lab.net\r\n",
"stdout_lines": [
"sasha-lab.net"
]
}