Main functions:
Batch system configuration, batch program deployment, batch command execution.
Ansible's core components:
Host Inventory: the host list
Defines the list of hosts under management.
Connection Plugins: the connection layer
Transport to the managed nodes; the default is SSH, so every node has to give Ansible credentials it can log in with (a password, or better an SSH key; this walkthrough logs in as root).
Playbooks: the "scripts" of operations the nodes should carry out
Written as YAML (.yml) files; like Python, the format is indentation-sensitive.
Modules: carry out the individual tasks orchestrated in a playbook
Underneath, Ansible is just SSH: there is no agent to install on the managed nodes.
Installing and getting started with Ansible.
On CentOS 7 the ansible package comes from the EPEL repository, so enable that first:
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
That one command drops in the Aliyun mirror of EPEL.
Then install directly:
[root@localhost ~]# yum install ansible -y
172.16.12.73 ansible-server
172.16.12.74 node1
172.16.12.75 node2
[root@localhost ~]# cd /etc/ansible/
[root@localhost ansible]# ls
ansible.cfg hosts roles
Directory structure:
hosts is the host list, i.e. the hosts to deploy to automatically.
ansible.cfg is the configuration file to edit.
The simplest hosts file just lists the IPs under a group name:
[node]
172.16.12.74
172.16.12.75
[root@localhost ansible]# ansible 172.16.12.74 -m ping -k    // connectivity test
-m selects the Ansible module to run
ping checks that Ansible can log in to the node over SSH and run Python there; it is not an ICMP ping
-k is interactive: it prompts for the remote node's SSH password
SSH password:
172.16.12.74 | FAILED! => {
"msg": "Using a SSH password instead of a key is not possible because Host Key checking is enabled and sshpass does not support this. Please add this host's fingerprint to your known_hosts file to manage this host."
}
This error means the control node has no host-key fingerprint for 172.16.12.74 in its known_hosts, and sshpass cannot answer the interactive yes/no prompt that OpenSSH raises for an unknown host. The simple fix is to SSH to the node once by hand and accept the key.
Before typing yes, compare the fingerprint that ssh prints with one obtained out of band (for example ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub run on the node's console); accepting it blindly is trust-on-first-use. Ansible also has a host_key_checking setting in ansible.cfg, but switching it off removes the only protection against a man-in-the-middle on the control path, so populate known_hosts rather than disable the check.
[root@localhost ansible]# ssh 172.16.12.74
The authenticity of host '172.16.12.74 (172.16.12.74)' can't be established.
ECDSA key fingerprint is SHA256:Mk2Aq/lf1zpcxmJ1nvsl5Vx90ZSmMxcyZnTRt1G3+iE.
ECDSA key fingerprint is MD5:bd:68:5b:d0:d7:f0:dd:a4:53:b9:53:72:23:68:10:82.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.12.74' (ECDSA) to the list of known hosts.
root@172.16.12.74's password:
Last login: Wed Dec 4 09:16:17 2019 from 172.16.12.1
[root@localhost ~]# exit
logout
Connection to 172.16.12.74 closed.
[root@localhost ansible]# ansible 172.16.12.74 -m ping -k
SSH password:
172.16.12.74 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
Rerun the test and it works.
But this still means typing the password by hand every time.
One way around that is to put the credentials in the hosts file:
[node]
172.16.12.74 ansible_ssh_user=root ansible_ssh_pass=123456
172.16.12.75 ansible_ssh_user=root ansible_ssh_pass=123456
This simply sets the user and password per host. node is the name the author chose for the group; every host in a group receives the same operations. (ansible_ssh_user and ansible_ssh_pass are the older spellings; current Ansible prefers ansible_user and ansible_password, though the old names still work.)
[root@localhost ansible]# ansible node -m ping
172.16.12.74 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
172.16.12.75 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
Note: do not give these hosts a password like 00000000, i.e. one containing zeros; otherwise you get inexplicable errors and cannot connect. I hit exactly this, spent a long time debugging without finding the cause, and all it reported was a wrong password.
But keeping the nodes' root password in clear text in the hosts file is not secure: anyone who can read /etc/ansible/hosts on the control node is root on every node.
Better: let Ansible connect to the nodes without a password at all,
i.e. SSH public-key authentication, so that ssh to a node needs no password. Note that the key generated below has no passphrase, so /root/.ssh/id_rsa on the control node is by itself root on every managed host; ssh-keygen creates it mode 0600, keep it that way, and treat the control node as a high-value host (or give the key a passphrase and load it into ssh-agent).
[root@localhost ansible]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:LPaB9tIv72s6phbFjlLs174AS0vd6m3xem95hyNj4LQ root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
| |
| |
| . . |
| o+o. |
| oO+S.. |
| .=+Ooo= |
| .+o*+ = o |
| .o++E * = o|
| ..ooOO* =.o.|
+----[SHA256]-----+
[root@ansible ~]# vim scp-sshpubkey.sh
#!/bin/bash
# distribute the Ansible control node's SSH public key to every node listed in $file
pass='123'                          # root password of the remote hosts (the same on all of them)
pubkey="/root/.ssh/id_rsa.pub"      # public key generated above
file="/root/ipfile"                 # one node IP per line
while read -r ip
do
    sshpass -p "$pass" ssh-copy-id -o StrictHostKeyChecking=no -i "$pubkey" "$ip" &> /dev/null && echo "$ip sshpubkey is success."
done < "$file"
What the script does:
pass: the password of the remote hosts
pubkey: the public key file generated locally
file: the list of node IPs, one per line
Update 2024-03-25: pass is now in single quotes, which fixes failures when the password contains characters the shell would otherwise expand, and -o StrictHostKeyChecking=no was added so the first login does not stop to ask for yes.
Two caveats on that convenience: StrictHostKeyChecking=no makes ssh-copy-id accept any host key, including one presented by a machine in the middle, so the password and the public key can be handed to the wrong host; and the root password sits in the script in clear text (and, with sshpass -p, in the process list). If the script is kept, restrict it to root, delete it once the keys are in place, and check the fingerprints that end up in known_hosts.
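A hardened version of the distribution script, as an added example and not the page's script: it never embeds the password (sshpass reads it from the SSHPASS environment variable), fetches host keys with ssh-keyscan into a dedicated known_hosts file, prints their fingerprints for out-of-band comparison, and then runs ssh-copy-id with StrictHostKeyChecking=yes against that file, so an unexpected key aborts instead of being accepted. The ACTION, IPFILE, PUBKEY and KNOWN variables and the IP-list format (one host per line, blank lines and # comments allowed) are this example's assumptions.

```shell
#!/bin/sh
# Hardened variant of scp-sshpubkey.sh (added example, not the page's script).
# Compared with the original it
#   * never embeds the password: sshpass -e reads it from $SSHPASS
#   * fetches host keys with ssh-keyscan into a dedicated known_hosts file
#     and prints their fingerprints for comparison with out-of-band values
#   * runs ssh-copy-id with StrictHostKeyChecking=yes against that file,
#     so an unexpected host key aborts instead of being silently accepted
# Assumptions (not in the original): IPFILE lists one host per line, with
# blank lines and '#' comments allowed; PUBKEY and KNOWN default as below.

PUBKEY="${PUBKEY:-/root/.ssh/id_rsa.pub}"
KNOWN="${KNOWN:-/root/.ssh/ansible_known_hosts}"

# Print the usable entries of an IP file: drop comments, blank lines and
# surrounding whitespace, and keep only dotted quads or plain hostnames
# (letters, digits, '.' and '-'), so a stray token such as "-oProxyCommand=..."
# cannot become an ssh argument.
parse_ipfile() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" \
      | grep -E '^([0-9]{1,3}(\.[0-9]{1,3}){3}|[A-Za-z0-9][A-Za-z0-9.-]*)$'
}

# Step 1: collect every node's host keys and show their fingerprints.
collect_host_keys() {
    : > "$KNOWN"
    parse_ipfile "$1" | while read -r ip; do
        ssh-keyscan -t ed25519,ecdsa,rsa "$ip" >> "$KNOWN" 2>/dev/null \
          || echo "$ip: key scan failed" >&2
    done
    echo "Host keys written to $KNOWN; confirm these fingerprints out of band:"
    ssh-keygen -lf "$KNOWN"
}

# Step 2: push the public key, refusing any host whose key is not in $KNOWN.
distribute_key() {
    if [ -z "${SSHPASS:-}" ]; then
        echo "set the password first: read -s SSHPASS; export SSHPASS" >&2
        return 1
    fi
    parse_ipfile "$1" | while read -r ip; do
        if sshpass -e ssh-copy-id -i "$PUBKEY" \
               -o StrictHostKeyChecking=yes -o UserKnownHostsFile="$KNOWN" \
               "root@$ip" >/dev/null 2>&1; then
            echo "$ip sshpubkey is success."
        else
            echo "$ip: ssh-copy-id failed (wrong password or host key mismatch)" >&2
        fi
    done
}

# Nothing runs unless ACTION and IPFILE are set, so the file can be sourced.
case "${ACTION:-}" in
    scan) collect_host_keys "${IPFILE:?}" ;;
    copy) distribute_key "${IPFILE:?}" ;;
esac
```

Run it in two steps: `ACTION=scan IPFILE=/root/ipfile sh hardened-sshpubkey.sh`, compare the printed fingerprints with the nodes' consoles, then `read -s SSHPASS; export SSHPASS; ACTION=copy IPFILE=/root/ipfile sh hardened-sshpubkey.sh` and `unset SSHPASS` afterwards. ssh-keyscan is still trust-on-first-scan, which is why the two steps are separated: the fingerprint comparison in between is what turns it into a verified key.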
After distributing the public key, the hosts file drops the credentials and goes back to plain IPs:
[node]
172.16.12.74
172.16.12.75
[root@localhost ansible]# ansible node -m ping
All nodes answer pong.
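The switch from clear-text passwords to keys is easy to undo by accident: a password line added back for one host, or host_key_checking = False dropped into ansible.cfg to get past the error seen earlier. The following pre-flight check is an added example, not part of the page or of Ansible: it greps an INI inventory for password variables and ansible.cfg for disabled host key checking, and builds two constructed sample directories, one mirroring the password inventory above and one the key-based layout, to show the check failing on the first and passing on the second. The file names hosts and ansible.cfg and the [node:vars] block are this example's assumptions.

```shell
#!/bin/sh
# Added example, not from the original page: a pre-flight check that fails
# when an Ansible control directory still relies on the two shortcuts used
# earlier in this walkthrough, clear-text passwords in the inventory and
# disabled host key checking.

# Print every line of the INI inventory $1 that assigns a password variable
# (legacy and current names). Returns 1 if any were found, 0 if clean.
check_inventory_passwords() {
    inv="$1"
    findings=$(grep -nE '(ansible_ssh_pass|ansible_password|ansible_become_pass|ansible_become_password|ansible_sudo_pass)[[:space:]]*=' "$inv" || true)
    if [ -n "$findings" ]; then
        printf '%s: clear-text password variable(s):\n%s\n' "$inv" "$findings" >&2
        return 1
    fi
    return 0
}

# Return 1 if ansible.cfg $1 turns host key checking off, either with the
# host_key_checking setting in [defaults] or by passing
# StrictHostKeyChecking=no through ssh_args in [ssh_connection].
check_host_key_checking() {
    cfg="$1"
    rc=0
    if grep -iE '^[[:space:]]*host_key_checking[[:space:]]*=[[:space:]]*(false|no|off|0)' "$cfg" >/dev/null; then
        printf '%s: host_key_checking is disabled\n' "$cfg" >&2
        rc=1
    fi
    if grep -iE '^[[:space:]]*ssh_args[[:space:]]*=.*StrictHostKeyChecking[[:space:]]*=[[:space:]]*no' "$cfg" >/dev/null; then
        printf '%s: ssh_args disables StrictHostKeyChecking\n' "$cfg" >&2
        rc=1
    fi
    return $rc
}

# Run both checks on a control directory; 0 only when everything passes.
preflight() {
    rc_all=0
    check_inventory_passwords "$1/hosts" || rc_all=1
    check_host_key_checking "$1/ansible.cfg" || rc_all=1
    return $rc_all
}

# Constructed sample directories: $1 = target dir, $2 = "password" or "key".
# The password layout mirrors the hosts file with ansible_ssh_pass above;
# the key layout is the hardened replacement.
make_sample() {
    mkdir -p "$1"
    if [ "$2" = "password" ]; then
        cat > "$1/hosts" <<'EOF'
[node]
172.16.12.74 ansible_ssh_user=root ansible_ssh_pass=123456
172.16.12.75 ansible_ssh_user=root ansible_ssh_pass=123456
EOF
        cat > "$1/ansible.cfg" <<'EOF'
[defaults]
inventory = ./hosts
host_key_checking = False
EOF
    else
        cat > "$1/hosts" <<'EOF'
[node]
172.16.12.74
172.16.12.75

[node:vars]
ansible_user=root
ansible_ssh_private_key_file=/root/.ssh/id_rsa
EOF
        cat > "$1/ansible.cfg" <<'EOF'
[defaults]
inventory = ./hosts
host_key_checking = True

[ssh_connection]
ssh_args = -o ControlMaster=auto -o ControlPersist=60s
EOF
    fi
}

# Demonstration when run as "sh preflight.sh demo": password layout fails, key layout passes.
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    make_sample "$d/pw" password;  preflight "$d/pw"  && echo "pw: ok"  || echo "pw: FAIL"
    make_sample "$d/key" key;      preflight "$d/key" && echo "key: ok" || echo "key: FAIL"
    rm -rf "$d"
fi
```

Wire the preflight function into a pre-commit hook or CI job for the repository that holds the inventory. When a password genuinely cannot be avoided, encrypt it with ansible-vault rather than leaving it in clear text; vault-encrypted values are what this check should be taught to accept next.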
Commonly used Ansible modules:
1. ping
Function: tests whether Ansible can reach and log in to the node.
2. command
Function: runs a command directly on the remote node. The command is executed without a shell, so pipes |, redirection and $variables do not work (the shell module provides those, but since it hands the string to /bin/sh, never build it from untrusted input).
[root@ansible ~]# ansible node -m command -a "mkdir /tmp/dir1"
[root@ansible ~]# ansible node -m command -a "ls /tmp"
[root@ansible-server ansible]# ansible node -m command -a "touch /tmp/f1"
172.16.12.75 | CHANGED | rc=0 >>
172.16.12.74 | CHANGED | rc=0 >>
3. copy
Function: copies a file from the control node to the remote nodes.
[root@ansible ~]# ansible node -m copy -a "src=/etc/hosts dest=/tmp/hosts"
src     the source file on the control node
dest    the destination path on the node
backup  keep a backup of the destination file if it already exists (backup=yes)
owner   owner of the destination file
mode    permissions of the destination file (octal, e.g. mode=0644; inside YAML quote it as '0644' so it is not read as a decimal number)
[root@ansible ~]# ansible node -m copy -a "src=/etc/hosts dest=/tmp/hosts backup=yes"
[root@ansible ~]# ansible node -m copy -a "src=/root/1.sh dest=/tmp/1.sh mode=755"
[root@ansible ~]# ansible node -m command -a "/tmp/1.sh"
[root@ansible-server ~]# ansible node -m copy -a "src=/etc/passwd dest=/tmp/ansible-server/password mode=644 backup=yes"
172.16.12.75 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "eb7a79b6d37610e2380e31e343ee720946e4109c",
"dest": "/tmp/ansible-server/password",
"gid": 0,
"group": "root",
"md5sum": "93dcd0dcbf91df3427abdef72c52e575",
"mode": "0644",
"owner": "root",
"size": 990,
"src": "/root/.ansible/tmp/ansible-tmp-1575971510.55-189588734553241/source",
"state": "file",
"uid": 0
}
172.16.12.74 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "eb7a79b6d37610e2380e31e343ee720946e4109c",
"dest": "/tmp/ansible-server/password",
"gid": 0,
"group": "root",
"md5sum": "93dcd0dcbf91df3427abdef72c52e575",
"mode": "0644",
"owner": "root",
"size": 990,
"src": "/root/.ansible/tmp/ansible-tmp-1575971510.54-126087055467045/source",
"state": "file",
"uid": 0
}
The output is verbose: checksum, owner, mode and size of the file as it landed on each node.
4. file module
Function: manages files and directories on the remote nodes.
[root@ansible ~]# ansible node -m file -a "path=/tmp/file1 state=touch"
path       the path of the file
state      what to do with it:
  touch      create an empty file (or update its timestamps if it exists)
  directory  create the directory if it does not exist
  absent     delete it (a directory is removed recursively)
[root@ansible ~]# ansible node -m file -a "path=/tmp/dir1 state=directory"
[root@ansible ~]# ansible node -m file -a "path=/tmp/dir2 state=directory"
[root@ansible ~]# ansible node -m file -a "path=/tmp/f1 state=absent"
[root@ansible ~]# ansible node -m file -a "path=/tmp/dir1 state=absent"
[root@ansible ~]# ansible node -m file -a "path=/tmp/file2 owner=user1 group=user1 mode=755 state=touch"
(owner and group must already exist on the node; user1 is created with the user module in the next section)
[root@ansible ~]# ansible node -m command -a "ls -l /tmp/file2"
172.16.0.31 | CHANGED | rc=0 >>
-rwxr-xr-x 1 user1 user1 0 Dec 4 13:47 /tmp/file2
172.16.0.32 | CHANGED | rc=0 >>
-rwxr-xr-x 1 user1 user1 0 Dec 4 13:47 /tmp/file2
5. user module
Function: manages users on the remote nodes
6. group module
Function: manages groups on the remote nodes
Each call corresponds to the useradd/userdel/groupadd/groupdel command shown under it:
[root@ansible ~]# ansible node -m user -a "name=user1"
== useradd user1
[root@ansible ~]# ansible node -m user -a "name=user2 uid=2000 shell=/sbin/nologin"
== useradd -u 2000 -s /sbin/nologin user2
[root@ansible ~]# ansible node -m user -a "name=user1 state=absent"
== userdel user1
[root@ansible ~]# ansible node -m user -a "name=user2 state=absent remove=yes"
== userdel -r user2
[root@ansible ~]# ansible node -m group -a "name=group1"
== groupadd group1
[root@ansible ~]# ansible node -m group -a "name=group2 gid=5000"
== groupadd -g 5000 group2
[root@ansible ~]# ansible node -m group -a "name=group1 state=absent"
[root@ansible ~]# ansible node -m group -a "name=group2 state=absent"
== groupdel <group name>
7. get_url
Function: downloads a file from a URL onto the remote node (the node fetches it itself, so the URL must be reachable from the node, not just from the control node). Plain ftp:// or http:// gives no integrity guarantee; when a script fetched this way is going to be executed, pass the expected hash with the module's checksum parameter (for example checksum=sha256:<hex>) so a modified download fails instead of running.
[root@ansible ~]# ansible node -m get_url -a "url=ftp://172.16.0.99/scripts/nginx-1.13-clean.sh dest=/tmp/"
[root@ansible ~]# ansible node -m get_url -a "url=ftp://172.16.0.99/scripts/mysql-5.7.18.sh dest=/tmp/ mode=755"
8. yum
Function: installs, removes and updates rpm packages via yum
[root@ansible ~]# ansible node -m yum -a "name=vsftpd"
== yum install -y vsftpd
[root@ansible ~]# ansible node -m yum -a "name=vsftpd state=absent"
== yum remove -y vsftpd
[root@ansible ~]# ansible node -m yum -a "name=vsftpd,httpd"
9. systemd
Function: starts, stops and enables services on the remote nodes
[root@ansible ~]# ansible node -m systemd -a "name=httpd state=started"
== systemctl start httpd
[root@ansible ~]# ansible node -m systemd -a "name=httpd state=stopped"
== systemctl stop httpd
state=restarted   restart the service
state=reloaded    reload its configuration without a restart
[root@ansible ~]# ansible node -m systemd -a "name=httpd enabled=yes"
== systemctl enable httpd
10. cron
Function: configures scheduled tasks (crontab entries) on the remote nodes
Example: stop firewalld every 5 minutes. (This is purely a lab example for showing the module; on real hosts a job that switches the firewall off every five minutes is exactly what an attacker would plant, so do not copy it into production.)
*/5 * * * * systemctl stop firewalld
[root@ansible ~]# ansible node -m cron -a 'name="stop firewalld" minute=*/5 job="systemctl stop firewalld"'
[root@ansible ~]# ansible node -m command -a "crontab -l"
[root@ansible ~]# ansible node -m cron -a 'name="stop firewalld" state=absent'
Deletes the scheduled task (the entry is found by its name).
Parameters, one per crontab field:
minute    minute, 0-59 (* for every minute, */n for every n minutes)
hour      hour, 0-23
day       day of the month
month     month
weekday   day of the week
job       the command to run
name      the name of the entry; Ansible writes it as a comment above the line and uses it to find the entry later, so changing the job under the same name updates the existing line rather than adding a second one
Example: every day at 01:30, run the MySQL backup script mysql_backup.sh
30 1 * * * /path/to/mysql_backup.sh
[root@ansible ~]# ansible node -m cron -a 'name="mysql backup" minute=30 hour=1 job="/root/mysql_backup.sh"'
The YAML playbook:
This is a simple playbook that installs and configures FTP (the play runs as root on the node group; the indentation below is significant):
- name: install and config ftp
  hosts: node
  user: root
  tasks:
    - name: install ftp
      yum: name=vsftpd
    - name: config vsftp
      copy: src=/etc/ansible/server-confs/vsftpd.conf dest=/etc/vsftpd/vsftpd.conf backup=yes
      notify: restart ftp
    - name: make directory
      file: path=/var/ftp/tmp mode=1777 owner=ftp state=directory
  handlers:
    - name: restart ftp
      systemd: name=vsftpd state=restarted enabled=yes
Run the playbook (saved as ftp.yml in a directory called pb). Before touching the nodes it is worth running ansible-playbook --syntax-check ftp.yml, and ansible-playbook --check --diff ftp.yml shows what would change without changing it:
[root@localhost pb]# ansible-playbook ftp.yml
PLAY [install and config ftp] *************************************************************************
TASK [Gathering Facts] ********************************************************************************
ok: [172.16.12.74]
ok: [172.16.12.75]
TASK [install ftp] ************************************************************************************
ok: [172.16.12.74]
ok: [172.16.12.75]
TASK [config vsftp] ***********************************************************************************
changed: [172.16.12.74]
changed: [172.16.12.75]
TASK [make directory] *********************************************************************************
ok: [172.16.12.74]
ok: [172.16.12.75]
RUNNING HANDLER [restart ftp] *************************************************************************
changed: [172.16.12.74]
changed: [172.16.12.75]
PLAY RECAP ********************************************************************************************
172.16.12.74 : ok=5 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
172.16.12.75 : ok=5 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Walking through the playbook line by line:
- name: install and config ftp
  == the play's name; only a label that is printed while it runs, much like an echo
  hosts: node
  == the inventory group the play targets
  user: root
  == the user the play runs as on the nodes (remote_user is the current name of this key; user is its alias)
  tasks:
  == the actual content of the play, executed in order
    - name: install ftp
      yum: name=vsftpd
      == install the package with the yum module
    - name: config vsftp
      copy: src=/etc/ansible/server-confs/vsftpd.conf dest=/etc/vsftpd/vsftpd.conf backup=yes
      notify: restart ftp
      == when the configuration file changes, notify the handler that restarts ftp. Think of notify as a function call into the handlers section: "restart ftp" is not a command but the name of the handler below, and the two strings must match exactly. Handlers run once at the end of the play, and only if at least one notifying task reported changed; an unchanged config file does not restart the service.
  handlers:
  == define how the service gets restarted
    - name: restart ftp
      systemd: name=vsftpd state=restarted enabled=yes
Note: YAML is strict about indentation; one extra space is enough to make the playbook fail to parse.