Getting started with Ansible
1. Ansible background
- Ansible is a widely used IT automation system. It handles configuration management, automated application deployment, cloud resource provisioning, network automation and multi-node deployment, and it makes complex changes such as zero-downtime rolling updates behind a load balancer much easier. (Ansible.com)
1.1 The concept of automated operations
1.1.1 What operations automation covers
- Operations automation means turning the large number of manual routine tasks in IT operations (daily checks, configuration changes, software installation and so on) into automated ones. A high degree of automation is the goal of IT operations and the direction in which it is heading. Put simply, IT automation ties unpredictable events to IT processes through a framework and workflows defined in advance: as soon as something happens on a system, the monitoring system detects it and carries out the corresponding remediation according to a predefined procedure, all without human intervention, which greatly reduces system downtime.
1.1.2 Core responsibilities of an operations engineer
- Platform architecture components: take part in and review architecture designs for soundness and operability, and build the technical architecture of the operations platform from open-source solutions, so that the product runs efficiently and stably after release; keep raising service availability, protect user data and improve the user experience.
- Daily operations: use operations tooling or the operations platform to release products efficiently, keep them running stably 7x24, and quickly locate and resolve any problems that arise in that period; keep optimizing the system architecture and deployment layout in day-to-day work to improve service stability.
- Performance and efficiency optimization: use automation tools and platforms to raise engineering efficiency across the software development lifecycle. Keep optimizing the architecture, deployment speed and resource utilization to support continuous product iteration; the architecture must be adjusted continually so that the product stays highly available as its features grow richer and more complex.
(Figure: responsibilities and tools of an operations development engineer)
- For an operations engineer, mastering these automation tools and being able to extend them is an essential skill.
1.2 Common automation tools
- Popularity of common automation tools on GitHub (figures collected on 2019-12-8):

Tool | GitHub Watch | Star | Fork | Contributors | Used by | Build language |
---|---|---|---|---|---|---|
Ansible | 2000 | 40800 | 17700 | 4800 | 9400 | Python |
Saltstack | 596 | 10500 | 4700 | 2163 | not included | Python |
Puppet | 489 | 5600 | 2100 | 528 | 7300 | Ruby |
Chef | 420 | 6000 | 2400 | 581 | 5800 | Ruby |
Fabric | 519 | 11900 | 1800 | 9 | not included | Python |

- Ansible and Saltstack are clearly the more popular tools.
- Source code repositories of each tool:
  - Github-Ansible
  - Github-Saltstack
  - Github-Puppet
  - Github-Chef
  - Github-Fabric
1.3 Ansible background
- Ansible was written in Python in 2012 by Michael DeHaan (the author of Cobbler and Func). The name comes from the faster-than-light instant communication device in Ender's Game. Version 0.0.1 was released on 2012-03-09. On 2015-10-17 Red Hat announced its acquisition of Ansible for 150 million US dollars, and newer Red Hat releases ship with Ansible integrated. It runs on Linux, BSD, Mac OS and other platforms, and it is currently the most popular of the three major automation tools (Ansible, Saltstack, Puppet).
- Ansible website and official documentation:
  - Website
  - Official documentation
  - Ansible Chinese documentation
- Michael DeHaan's profile and blog:
  - Linkedin-MichaelDehaan
  - Medium
  - ansible.com
2. Ansible features
- Ansible features:
  - Modular: specific modules are called to carry out specific tasks
  - Three key modules: Paramiko (a Python implementation of SSH), PyYAML and Jinja2 (a template language)
  - Custom modules are supported and can be written in any programming language
  - Implemented in Python
  - Simple deployment: based on Python and SSH (already installed by default), agentless, with no agent to install and no dependency on a PKI (no SSL needed); decentralized deployment
  - Secure: based on OpenSSH
  - Idempotent: running a task once or n times has the same effect, so repeated execution does not cause surprises
  - Supports playbooks for orchestrating tasks, written in YAML with rich data structures
  - Powerful multi-layer solution: roles
3. Ansible architecture
3.1 Overall Ansible architecture
3.2 Ansible core components
- The Ansible core components are:
  - INVENTORY: the list of hosts that Ansible controls and manages
  - API: the application programming interface that third-party programs call
  - MODULES: the functional modules Ansible runs to execute commands; most are built-in core modules, and custom ones (based on Python) can be added
  - PLUGINS: supplements to module functionality, such as connection plugins, loop plugins and filter plugins
- Sources of Ansible command execution:
  - USER: an ordinary user, i.e. the SYSTEM ADMINISTRATOR
  - PLAYBOOKS: task scripts (task sets), the configuration files that define Ansible task sets, which Ansible executes in order; usually .yml files (YAML, a superset of JSON)
  - CMDB (configuration management database): API calls
  - PUBLIC/PRIVATE CLOUD: API calls
  - USER -> Ansible Playbook -> Ansible
- Tips:
  - The host that runs Ansible is usually called the control node, controller, master or bastion host
  - The control node needs Python 2.6 or later
  - Managed nodes with a Python older than 2.4 need python-simplejson installed
  - Managed nodes with SELinux enabled need libselinux-python installed
  - Windows cannot be used as the control node
4. Installing and getting started with Ansible
4.1 Installing Ansible
- On Red Hat family systems, configure the EPEL repository for your release and install directly with yum:

```shell
$ yum install ansible
```

- Installing from source:

```shell
$ yum -y install python-jinja2 PyYAML python-paramiko python-babel python-crypto
$ tar xf ansible-1.5.4.tar.gz
$ cd ansible-1.5.4
$ python setup.py build
$ python setup.py install
$ mkdir /etc/ansible
$ cp -r examples/* /etc/ansible
```

- Installing from Git (note that the git:// protocol is unauthenticated and GitHub no longer serves it; the same repository is available over HTTPS at https://github.com/ansible/ansible.git):

```shell
$ git clone git://github.com/ansible/ansible.git --recursive
$ cd ./ansible
$ source ./hacking/env-setup
```

- Installing with the Python package manager pip:

```shell
$ yum install python-pip python-devel
$ yum install gcc glibc-devel zlib-devel rpm-build openssl-devel
$ pip install --upgrade pip
$ pip install ansible --upgrade
```
4.2 Ansible configuration
- Related configuration files:
  - /etc/ansible/ansible.cfg: main configuration file, sets how Ansible behaves
  - /etc/ansible/hosts: host inventory
  - /etc/ansible/roles/: directory holding roles
- Main Ansible configuration file. The three uncommented settings in the file below are the ones changed from the shipped defaults: host_key_checking = False turns off SSH host key verification, so the controller no longer detects a spoofed or replaced managed host; log_path enables logging of task output to a file; module_name = shell makes shell (rather than command) the default module for ad-hoc commands.
/etc/ansible/ansible.cfg

```ini
# config file for ansible -- https://ansible.com/
# ===============================================
# nearly all parameters can be overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first
[defaults]
# some basic default values...
#inventory = /etc/ansible/hosts
#library = /usr/share/my_modules/
#module_utils = /usr/share/my_module_utils/
#remote_tmp = ~/.ansible/tmp
#local_tmp = ~/.ansible/tmp
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
#forks = 5
#poll_interval = 15
#sudo_user = root
#ask_sudo_pass = True
#ask_pass = True
#transport = smart
#remote_port = 22
#module_lang = C
#module_set_locale = False
# implicit - gather by default, turn off with gather_facts: False
# explicit - do not gather by default, must say gather_facts: True
#gathering = implicit | explicit
#gather_subset = all | network | hardware | virtual | facter | ohai
# gather_timeout = 10
# inject_facts_as_vars = True
#roles_path = /etc/ansible/roles
#host_key_checking = False
host_key_checking = False
#stdout_callback = skippy
#callback_whitelist = timer, mail
#task_includes_static = False
#handler_includes_static = False
#error_on_missing_handler = True
#sudo_exe = sudo
#sudo_flags = -H -S -n
# SSH timeout
#timeout = 10
# default user to use for playbooks if user is not specified
# (/usr/bin/ansible will use current user as default)
#remote_user = root
# logging is off by default unless this path is defined
# if so defined, consider logrotate
log_path = /var/log/ansible.log
# default module name for /usr/bin/ansible
module_name = shell
# use this shell for commands executed under sudo
# you may need to change this to bin/bash in rare instances
# if sudo is constrained
#executable = /bin/sh
# if inventory variables overlap, does the higher precedence one win
# or are hash values merged together? The default is 'replace' but
# this can also be set to 'merge'.
#hash_behaviour = replace
# by default, variables from roles will be visible in the global variable
# scope. To prevent this, the following option can be enabled, and only
# tasks and handlers within the role will see the variables there
#private_role_vars = yes
# list any Jinja2 extensions to enable here:
#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n
# if set, always use this private key file for authentication, same as
# if passing --private-key to ansible or ansible-playbook
#private_key_file = /path/to/file
# If set, configures the path to the Vault password file as an alternative to
# specifying --vault-password-file on the command line.
#vault_password_file = /path/to/vault_password_file
# format of string {{ ansible_managed }} available within Jinja2
# templates indicates to users editing templates files will be replaced.
# replacing {file}, {host} and {uid} and strftime codes with proper values.
#ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
# {file}, {host}, {uid}, and the timestamp can all interfere with idempotence
# in some situations so the default is a static string:
#ansible_managed = Ansible managed
#display_skipped_hosts = True
#display_args_to_stdout = False
#error_on_undefined_vars = False
#system_warnings = True
#deprecation_warnings = True
# command_warnings = False
# set plugin path directories here, separate with colons
#action_plugins = /usr/share/ansible/plugins/action
#cache_plugins = /usr/share/ansible/plugins/cache
#callback_plugins = /usr/share/ansible/plugins/callback
#connection_plugins = /usr/share/ansible/plugins/connection
#lookup_plugins = /usr/share/ansible/plugins/lookup
#inventory_plugins = /usr/share/ansible/plugins/inventory
#vars_plugins = /usr/share/ansible/plugins/vars
#filter_plugins = /usr/share/ansible/plugins/filter
#test_plugins = /usr/share/ansible/plugins/test
#terminal_plugins = /usr/share/ansible/plugins/terminal
#strategy_plugins = /usr/share/ansible/plugins/strategy
#strategy = free
#bin_ansible_callbacks = False
#nocows = 1
#cow_selection = default
#cow_selection = random
#cow_whitelist=bud-frogs,bunny,cheese,daemon,default,dragon,elephant-in-snake,elephant,eyes,\
# hellokitty,kitty,luke-koala,meow,milk,moofasa,moose,ren,sheep,small,stegosaurus,\
# stimpy,supermilker,three-eyes,turkey,turtle,tux,udder,vader-koala,vader,www
#nocolor = 1
#fact_caching = memory
#For the redis plugin, the value is a host:port:database triplet: fact_caching_connection = localhost:6379:0
#fact_caching_connection=/tmp
#retry_files_enabled = False
#retry_files_save_path = ~/.ansible-retry
#squash_actions = apk,apt,dnf,homebrew,pacman,pkgng,yum,zypper
# prevents logging of task data, off by default
#no_log = False
# prevents logging of tasks, but only on the targets, data is still logged on the master/controller
#no_target_syslog = False
# controls whether Ansible will raise an error or warning if a task has no
# choice but to create world readable temporary files to execute a module on
# the remote machine. This option is False by default for security. Users may
# turn this on to have behaviour more like Ansible prior to 2.1.x. See
# https://docs.ansible.com/ansible/become.html#becoming-an-unprivileged-user
# for more secure ways to fix this than enabling this option.
#allow_world_readable_tmpfiles = False
# controls the compression level of variables sent to
# worker processes. At the default of 0, no compression
# is used. This value must be an integer from 0 to 9.
#var_compression_level = 9
# controls what compression method is used for new-style ansible modules when
# they are sent to the remote system. The compression types depend on having
# support compiled into both the controller's python and the client's python.
# The names should match with the python Zipfile compression types:
# * ZIP_STORED (no compression. available everywhere)
# * ZIP_DEFLATED (uses zlib, the default)
# These values may be set per host via the ansible_module_compression inventory
# variable
#module_compression = 'ZIP_DEFLATED'
# This controls the cutoff point (in bytes) on --diff for files
# set to 0 for unlimited (RAM may suffer!).
#max_diff_size = 1048576
# This controls how ansible handles multiple --tags and --skip-tags arguments
# on the CLI. If this is True then multiple arguments are merged together. If
# it is False, then the last specified argument is used and the others are ignored.
# This option will be removed in 2.8.
#merge_multiple_cli_flags = True
# Controls showing custom stats at the end, off by default
#show_custom_stats = True
# Controls which files to
```
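As an added example (not code from this page or from the Ansible project), a small Python audit that parses an ansible.cfg with the standard-library configparser and flags the settings that weaken security, including the three that are uncommented in the file above. The RISKY_BOOLEANS table, audit() and the SAMPLE_CFG text are assumptions constructed for this illustration.

```python
import configparser

# Hypothetical audit helper written for this page; it is not part of Ansible.
# Option in [defaults] -> (value that weakens security, why it matters).
RISKY_BOOLEANS = {
    "host_key_checking": (False, "SSH host key verification is off: a spoofed managed "
                                 "host can capture credentials and module arguments"),
    "allow_world_readable_tmpfiles": (True, "module payloads may be staged world-readable "
                                            "in remote_tmp on the managed host"),
}

def parse_cfg(text):
    """Parse ansible.cfg text. Lines starting with # or ; are comments, as in Ansible;
    interpolation is off so the '%Y-%m-%d' in ansible_managed cannot break parsing."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(text)
    return cfg

def audit(text):
    """Return [(option, finding), ...] for risky values in the [defaults] section."""
    cfg = parse_cfg(text)
    findings = []
    if not cfg.has_section("defaults"):
        return findings
    for option, (bad_value, why) in RISKY_BOOLEANS.items():
        if cfg.has_option("defaults", option) and cfg.getboolean("defaults", option) == bad_value:
            findings.append((option, why))
    # shell as the default ad-hoc module passes every argument through /bin/sh
    if cfg.get("defaults", "module_name", fallback="command") == "shell":
        findings.append(("module_name", "default ad-hoc module is 'shell', so arguments are "
                                        "shell-interpreted; prefer 'command' unless pipes or "
                                        "redirects are needed"))
    # a log file stores task data and results; it needs restrictive permissions and rotation
    if cfg.has_option("defaults", "log_path"):
        findings.append(("log_path", "task output is written to %s; restrict its permissions "
                                     "and rotate it" % cfg.get("defaults", "log_path")))
    return findings

# Constructed sample: the three uncommented settings from the ansible.cfg above.
SAMPLE_CFG = """\
[defaults]
#inventory = /etc/ansible/hosts
#host_key_checking = False
host_key_checking = False
log_path = /var/log/ansible.log
module_name = shell
#allow_world_readable_tmpfiles = False
"""
```

Running audit(SAMPLE_CFG) reports host_key_checking, module_name and log_path; a file that keeps the shipped defaults produces no findings.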