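Ansible automated operations tool: a brief introduction
What is Ansible?
Ansible is an open-source platform that integrates configuration management, application deployment and the execution of specific tasks for IT systems. It is written in Python and built on two key modules, Paramiko and PyYAML. It combines the strengths of many operations tools (puppet, cfengine, chef, func, fabric) and provides batch system configuration, batch program deployment, batch command execution and similar functions. Ansible works through modules and has no batch-deployment capability of its own. The batch deployment is actually done by the modules that Ansible runs; Ansible only provides the framework.
Advantages of Ansible
· Simple to deploy: the Ansible environment only has to be installed on the control node, and nothing needs to be done on the managed nodes;
· Uses the SSH (Secure SHell) protocol by default to manage devices;
· Centralized master-slave management;
· Simple to configure, powerful and highly extensible;
· Supports an API and custom modules, and can easily be extended with Python;
· Playbooks allow powerful customized configuration and state management;
· Good support for cloud computing platforms and big data;
· Provides a powerful, easy-to-operate web management interface and REST API: the AWX platform;
· Idempotence: an operation repeated many times gives the same result.
Installing and testing Ansible
1. Configure the EPEL repository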
yum install epel-release -y
2. Install with yum
yum install ansible -y
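Ansible configuration
# Add host information to Ansible's configuration file to communicate with the target hosts. The file is located at /etc/ansible/hosts. [web] and [test] are host groups; all hosts in a group can be controlled in bulk, and one host can be added to several groups.
[root@centos7 ~]# vim /etc/ansible/hosts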
[web]
192.168.108.20
192.168.108.30
[test]
192.168.108.10
192.168.108.20
192.168.108.30
"/etc/ansible/hosts" 49L, 1092C
Test
[root@centos7 ~]# ansible test --list # list the members of the host group
hosts (3):
192.168.108.20
192.168.108.30
192.168.108.10
Configure SSH equivalence: because Ansible uses the SSH protocol, passwordless (key-based) login is required
[root@centos7 ~]# ssh-keygen -t rsa -b 2048
[root@centos7 ~]# ssh-copy-id root@192.168.108.10
[root@centos7 ~]# ssh-copy-id root@192.168.108.20
[root@centos7 ~]# ssh-copy-id root@192.168.108.30
Test whether the hosts respond to ping
[root@centos7 ~]# ansible all -m ping # test connectivity; a pong reply means the host is managed successfully
[root@localhost ~]# ansible all -m ping
192.168.108.10 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.108.30 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.108.20 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
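Using Ansible modules
1. Remote command modules
· command: the default module; it can run any shell command within the permissions of the remote user
· script: runs a shell script stored on the control node on the remote hosts, equivalent to scp plus shell
· shell: runs a shell script file located on the remote host
ansible web -m command -a "free -m"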
[root@localhost ~]# ansible web -m command -a "free -m"
192.168.108.30 | CHANGED | rc=0 >>
total used free shared buff/cache available
Mem: 1819 109 1564 9 145 1545
Swap: 3999 0 3999
192.168.108.20 | CHANGED | rc=0 >>
total used free shared buff/cache available
Mem: 1819 297 1334 9 187 1348
Swap: 3999 0 3999
First, write a shell script
vi hello.sh
#!/bin/bash
echo "helloworld"
ansible web -m script -a "/root/hello.sh"
[root@localhost ~]# ansible web -m script -a "/root/hello.sh"
192.168.108.30 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.108.30 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.108.30 closed."
],
"stdout": "helloworld\r\n",
"stdout_lines": [
"helloworld"
]
}
192.168.108.20 | CHANGED => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.108.20 closed.\r\n",
"stderr_lines": [
"Shared connection to 192.168.108.20 closed."
],
"stdout": "helloworld\r\n",
"stdout_lines": [
"helloworld"
]
}
ansible web -m shell -a "/root/hello.sh": before this command can be used, hello.sh must first be transferred to the servers in the [web] group and be executable; here we can use the copy module
[root@localhost ~]# ansible web -m copy -a "src=/root/hello.sh dest=/root mode=755"
192.168.108.30 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "5f6a1eb8af1396931fb91ff22018c5093387dc88",
"dest": "/root/hello.sh",
"gid": 0,
"group": "root",
"md5sum": "61308af0a9ea72067b3dd1e087872375",
"mode": "0755",
"owner": "root",
"size": 30,
"src": "/root/.ansible/tmp/ansible-tmp-1608201766.63-7356-110700206627487/source",
"state": "file",
"uid": 0
}
192.168.108.20 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "5f6a1eb8af1396931fb91ff22018c5093387dc88",
"dest": "/root/hello.sh",
"gid": 0,
"group": "root",
"md5sum": "61308af0a9ea72067b3dd1e087872375",
"mode": "0755",
"owner": "root",
"size": 30,
"src": "/root/.ansible/tmp/ansible-tmp-1608201768.62-7354-52877933170195/source",
"state": "file",
"uid": 0
}
Then run it with the shell module
[root@localhost ~]# ansible web -m shell -a "/root/hello.sh"
192.168.108.20 | CHANGED | rc=0 >>
helloworld
192.168.108.30 | CHANGED | rc=0 >>
helloworld
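The copy output above reports a per-host checksum (SHA-1) and mode, which can be compared with the local file instead of being read by eye. This is an added example, not part of the original post; the function names and the sample output are constructed for illustration.

```python
import hashlib
import json
import re

# One per-host result header, e.g. "192.168.108.30 | CHANGED => {"
HEADER = re.compile(r"^(\S+) \| (\w+)!? => (?=\{)", re.MULTILINE)

def parse_adhoc_output(text):
    """Return {host: (status, result_dict)} from JSON-style ad-hoc output."""
    results, decoder = {}, json.JSONDecoder()
    for m in HEADER.finditer(text):
        # raw_decode reads exactly one JSON object starting at the brace
        body, _ = decoder.raw_decode(text, m.end())
        results[m.group(1)] = (m.group(2), body)
    return results

def verify_copy(text, local_bytes, expected_hosts, expected_mode="0755"):
    """Return {host: [problems]} for hosts whose copy result is off."""
    want = hashlib.sha1(local_bytes).hexdigest()  # "checksum" is a SHA-1
    parsed, problems = parse_adhoc_output(text), {}
    for host in expected_hosts:
        if host not in parsed:
            problems[host] = ["no result in output"]
            continue
        status, body = parsed[host]
        issues = []
        if status not in ("CHANGED", "SUCCESS"):
            issues.append("status " + status)
        if body.get("checksum") != want:
            issues.append("checksum mismatch")
        if body.get("mode") != expected_mode:
            issues.append("mode is %s" % body.get("mode"))
        if issues:
            problems[host] = issues
    return problems

# Constructed sample: the script body from the page, output shaped like the page's
SCRIPT = b'#!/bin/bash\necho "helloworld"\n'
SAMPLE = """192.168.108.30 | CHANGED => {
    "checksum": "%s", "dest": "/root/hello.sh", "mode": "0755"
}
192.168.108.20 | CHANGED => {
    "checksum": "%s", "dest": "/root/hello.sh", "mode": "0644"
}
""" % (hashlib.sha1(SCRIPT).hexdigest(), "0" * 40)

if __name__ == "__main__":
    hosts = ["192.168.108.10", "192.168.108.20", "192.168.108.30"]
    print(verify_copy(SAMPLE, SCRIPT, hosts))
```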
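2. copy module
Copies files from the control node to the target hosts, similar to scp
ansible web -m copy -a "src=/etc/fstab dest=/tmp/ owner=root group=root mode=744"
3. stat module
Gets status information about a remote file, such as atime, md5 and uid
ansible web -m stat -a "path=/root/hello.sh"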
[root@localhost ~]# ansible web -m stat -a "path=/root/hello.sh"
192.168.108.30 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"stat": {
"atime": 1608201824.0853748,
"attr_flags": "",
"attributes": [],
"block_size": 4096,
"blocks": 8,
"charset": "us-ascii",
"checksum": "5f6a1eb8af1396931fb91ff22018c5093387dc88",
"ctime": 1608201768.1187027,
"dev": 64768,
"device_type": 0,
"executable": true,
"exists": true,
"gid": 0,
"gr_name": "root",
"inode": 202015679,
"isblk": false,
"ischr": false,
"isdir": false,
"isfifo": false,
"isgid": false,
"islnk": false,
"isreg": true,
"issock": false,
"isuid": false,
"mimetype": "text/x-shellscript",
"mode": "0755",
"mtime": 1608201767.658705,
"nlink": 1,
"path": "/root/hello.sh",
"pw_name": "root",
"readable": true,
"rgrp": true,
"roth": true,
"rusr": true,
"size": 30,
"uid": 0,
"version": "868496383",
"wgrp": false,
"woth": false,
"writeable": true,
"wusr": true,
"xgrp": true,
"xoth": true,
"xusr": true
}
}
192.168.108.20 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"stat": {
"atime": 1608201824.0958467,
"attr_flags": "",
"attributes": [],
"block_size": 4096,
"blocks": 8,
"charset": "us-ascii",
"checksum": "5f6a1eb8af1396931fb91ff22018c5093387dc88",
"ctime": 1608201769.6904979,
"dev": 64768,
"device_type": 0,
"executable": true,
"exists": true,
"gid": 0,
"gr_name": "root",
"inode": 201378841,
"isblk": false,
"ischr": false,
"isdir": false,
"isfifo": false,
"isgid": false,
"islnk": false,
"isreg": true,
"issock": false,
"isuid": false,
"mimetype": "text/x-shellscript",
"mode": "0755",
"mtime": 1608201769.414501,
"nlink": 1,
"path": "/root/hello.sh",
"pw_name": "root",
"readable": true,
"rgrp": true,
"roth": true,
"rusr": true,
"size": 30,
"uid": 0,
"version": "2126047138",
"wgrp": false,
"woth": false,
"writeable": true,
"wusr": true,
"xgrp": true,
"xoth": true,
"xusr": true
}
}
4. get_url module
Has the remote hosts download the specified URL to their local file system; supports sha256sum checksums
ansible web -m get_url -a "url=https://www.baidu.com/ dest=/tmp/index.html mode=440 force=yes"
[root@localhost ~]# ansible web -m get_url -a "url=https://www.baidu.com/ dest=/tmp/index.html mode=440 force=yes"
192.168.108.30 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum_dest": null,
"checksum_src": "77e920ff2d5ce5ac4bb3c399c7f3fa29dd7ced82",
"dest": "/tmp/index.html",
"elapsed": 0,
"gid": 0,
"group": "root",
"md5sum": "8f1f3fef541f7dbb36a8755a9f0eff40",
"mode": "0440",
"msg": "OK (227 bytes)",
"owner": "root",
"size": 227,
"src": "/root/.ansible/tmp/ansible-tmp-1608201960.34-7491-30057435072817/tmpH7u1po",
"state": "file",
"status_code": 200,
"uid": 0,
"url": "https://www.baidu.com/"
}
192.168.108.20 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum_dest": null,
"checksum_src": "77e920ff2d5ce5ac4bb3c399c7f3fa29dd7ced82",
"dest": "/tmp/index.html",
"elapsed": 2,
"gid": 0,
"group": "root",
"md5sum": "8f1f3fef541f7dbb36a8755a9f0eff40",
"mode": "0440",
"msg": "OK (227 bytes)",
"owner": "root",
"size": 227,
"src": "/root/.ansible/tmp/ansible-tmp-1608201960.33-7489-267808791366348/tmpo186MI",
"state": "file",
"status_code": 200,
"uid": 0,
"url": "https://www.baidu.com/"
}
5. yum module
Package management module for Linux platforms
ansible web -m yum -a "name=curl state=latest"
6. cron module
Configures scheduled tasks on remote hosts
ansible web -m cron -a 'minute=* weekday=2,4,6 job="/usr/bin/wall FBI WARNING" name=warningcron'
[root@localhost ~]# ansible web -m cron -a 'minute=* weekday=2,4,6 job="/usr/bin/wall FBI WARNING" name=warningcron'
192.168.108.30 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": [
"warningcron"
]
}
192.168.108.20 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": [
"warningcron"
]
}
Minute, hour, day, month, weekday
minute
hour
day
month
weekday
Specifying only minute means all the other fields are *
ansible web -m cron -a 'name="echo every 1 min" minute=* job="/usr/bin/echo "helloworld""'
[root@localhost ~]# ansible web -m cron -a 'name="echo every 1 min" minute=* job="/usr/bin/echo "helloworld""'
192.168.108.30 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": [
"warningcron",
"echo every 1 min"
]
}
192.168.108.20 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": [
"warningcron",
"echo every 1 min"
]
}
View all
ansible web -m shell -a "crontab -l"
Remove all
ansible web -m shell -a "crontab -r"
[root@localhost ~]# ansible web -m shell -a "crontab -l"
192.168.108.30 | CHANGED | rc=0 >>
#Ansible: warningcron
* * * * 2,4,6 /usr/bin/wall FBI WARNING
#Ansible: echo every 1 min
* * * * * /usr/bin/echo "helloworld"
192.168.108.20 | CHANGED | rc=0 >>
#Ansible: warningcron
* * * * 2,4,6 /usr/bin/wall FBI WARNING
#Ansible: echo every 1 min
* * * * * /usr/bin/echo "helloworld"
[root@localhost ~]# ansible web -m shell -a "crontab -r"
192.168.108.30 | CHANGED | rc=0 >>
192.168.108.20 | CHANGED | rc=0 >>
You can also disable or enable an individual job with a command
# Cancel (i.e. delete)
ansible all -m cron -a "name=warningcron state=absent"
ansible web -m cron -a "name='echo every 1 min' state=absent"
# Disable
ansible all -m cron -a 'disabled=true job="/usr/bin/wall FBI WARNING" name=warningcron'
# Enable
ansible all -m cron -a 'disabled=false job="/usr/bin/wall FBI WARNING" name=warningcron'
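The crontab -l output above shows that the cron module labels each job with a "#Ansible: <name>" marker, which makes managed jobs auditable per host. This is an added example, not part of the original post: it assumes a disabled job appears as a commented-out line under its marker, and the function names, the approved-name set and the sample (including sync.sh) are constructed.

```python
import re
MARKER = re.compile(r"^#Ansible: (.*)$")             # job label written by the cron module
HOST = re.compile(r"^(\S+) \| \w+!? \| rc=\d+ >>$")   # per-host header of shell output

def parse_crontabs(text):
    """Return {host: [entry]} from `ansible ... -m shell -a "crontab -l"` output."""
    hosts, current, pending = {}, None, None
    for line in map(str.strip, text.splitlines()):
        h = HOST.match(line)
        if h:
            current, pending = hosts.setdefault(h.group(1), []), None
            continue
        if current is None or not line:
            continue
        m = MARKER.match(line)
        if m:
            pending = m.group(1)  # the name applies to the next line
            continue
        disabled = pending is not None and line.startswith("#")  # commented-out job
        fields = line.lstrip("#").split(None, 5)
        if len(fields) == 6 and (disabled or not line.startswith("#")):
            current.append({"name": pending, "schedule": " ".join(fields[:5]),
                            "command": fields[5], "disabled": disabled})
        pending = None
    return hosts

def audit(hosts, approved):
    """Return (host, reason, detail) tuples for jobs that need review."""
    findings = []
    for host, entries in sorted(hosts.items()):
        for e in entries:
            if e["name"] is None:
                findings.append((host, "not managed by Ansible", e["command"]))
            elif e["name"] not in approved:
                findings.append((host, "unapproved job name", e["name"]))
            if e["schedule"] == "* * * * *" and not e["disabled"]:
                findings.append((host, "runs every minute", e["command"]))
    return findings

# Constructed sample shaped like the page's output; sync.sh is hypothetical
SAMPLE = """192.168.108.30 | CHANGED | rc=0 >>
#Ansible: warningcron
#* * * * 2,4,6 /usr/bin/wall FBI WARNING
192.168.108.20 | CHANGED | rc=0 >>
#Ansible: echo every 1 min
* * * * * /usr/bin/echo "helloworld"
*/5 * * * * /usr/local/bin/sync.sh
"""
print(audit(parse_crontabs(SAMPLE), {"warningcron"}))
```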
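7. mount module (rarely used)
Mounts file systems on remote hosts
ansible web -m mount -a "name=/mnt/data src=/dev/sda1 fstype=ext4 opts=ro state=present"
8. service module
Manages system services on remote hosts
ansible web -m service -a "name=httpd state=restarted"
9. fetch module
Transfers files from the web hosts to the server side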
[root@localhost ~]# ansible web -m fetch -a "src=/root/testfetch.txt dest=/root"
192.168.108.30 | CHANGED => {
"changed": true,
"checksum": "9c2c99562e967e24a8ad42b60a108f8daf7496ec",
"dest": "/root/192.168.108.30/root/testfetch.txt",
"md5sum": "6402507b93777993e49d3668d737e154",
"remote_checksum": "9c2c99562e967e24a8ad42b60a108f8daf7496ec",
"remote_md5sum": null
}
192.168.108.20 | CHANGED => {
"changed": true,
"checksum": "51095255b31001a50a2aa1433e456e0fb4787eb4",
"dest": "/root/192.168.108.20/root/testfetch.txt",
"md5sum": "39d1fd09f9d52a14451360b70efc2f79",
"remote_checksum": "51095255b31001a50a2aa1433e456e0fb4787eb4",
"remote_md5sum": null
}
[root@localhost ~]# ls
= 1 192.168.108.20 192.168.108.30 80 anaconda-ks.cfg hello.sh test.txt
[root@localhost ~]# ls 192.168.108.*
192.168.108.20:
root
192.168.108.30:
root
[root@localhost ~]# cat 192.168.108.20/root/testfetch.txt
192.168.108.20
[root@localhost ~]# cat 192.168.108.30/root/testfetch.txt
192.168.108.30
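So far Ansible has 2080 modules in total, and you will need to explore them yourself over time; I won't list any more here. Ways to look up modules:
[root@centos7 ~]# ansible-doc -s -l # list all modules
[root@centos7 ~]# ansible-doc fetch # view the detailed help for a module
[root@centos7 ~]# ansible-doc -s fetch # view a brief summary of a module's help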