安装ansible
- 安装ansible版本号2.9.18-1
[root@localhost ~]# yum list ansible
已加载插件:fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* epel: mirror.lzu.edu.cn
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
已安装的软件包
ansible.noarch 2.9.18-1.el7 @epel
测试环境介绍
服务器IP: 192.168.126.135
客户端IP_1: 192.168.126.136
客户端IP_2: 192.168.126.137
Ansible基于SSH服务控制客户端,为了安全考虑,使用密钥验证代替密码登录
ssh-keygen
ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.126.136
ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.126.137
# -i 指定要复制到远程主机的公钥文件
编辑hosts清单文件
vim /etc/ansible/hosts
192.168.126.136 ansible_ssh_port=22
192.168.126.137 ansible_ssh_port=22
使用ping模块测试是否连通
ansible 192.168.126.136 -m ping
ansible 192.168.126.137 -m ping
# -m (--module-name) 指定使用的模块名
ansible all -m ping
# all 清单内所有主机
[root@localhost ~]# ansible all -m ping
192.168.126.136 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
192.168.126.137 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
给清单内主机分组:给两个部门分配不同的组,如果要同时操作就使用C组。C组包含A、B两个子组,操作C组就是同时操作A组和B组
[root@localhost ~]# vim /etc/ansible/hosts
[A]
192.168.126.136 ansible_ssh_port=22
[B]
192.168.126.137 ansible_ssh_port=22
[C:children]
A
B
Ansible的常用模块
- 查看具体模块的帮助信息ansible-doc
[root@localhost ~]# ansible-doc -s ping
- name: Try to connect to host, verify a usable python and return `pong' on success
ping:
data: # Data to return for the `ping' return value. If this parameter is set to `crash', the module will cause an exception.
- 从远程服务器拉取文件fetch模块
[root@localhost ~]# ansible 192.168.126.136 -m fetch -a "src=/root/test.txt dest=/root"
192.168.126.136 | CHANGED => {
"changed": true,
"checksum": "d4833019b9aeb41fa00f358afcf7b22efc06fa6f",
"dest": "/root/192.168.126.136/root/test.txt",
"md5sum": "e9897be7e8325d487bbb2c77c7aa04a1",
"remote_checksum": "d4833019b9aeb41fa00f358afcf7b22efc06fa6f",
"remote_md5sum": null
}
# -a (--args) 指定传给模块的参数
[root@localhost 192.168.126.136]# cat /root/192.168.126.136/root/test.txt
I'm just a test file!
- 文件复制模块
copy模块的作用就是拷贝文件
[root@localhost ansible_test]# ansible all -m copy -a "src=/root/ansible_test/test.txt dest=/root/"
192.168.126.136 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "a8fdc205a9f19cc1c7507a60c4f01b13d11d7fd0",
"dest": "/root/test.txt",
"gid": 0,
"group": "root",
"md5sum": "ba1f2511fc30423bdbb183fe33f3dd0f",
"mode": "0644",
"owner": "root",
"size": 4,
"src": "/root/.ansible/tmp/ansible-tmp-1620104540.69-1494-64252806921143/source",
"state": "file",
"uid": 0
}
192.168.126.137 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "a8fdc205a9f19cc1c7507a60c4f01b13d11d7fd0",
"dest": "/root/test.txt",
"gid": 0,
"group": "root",
"md5sum": "ba1f2511fc30423bdbb183fe33f3dd0f",
"mode": "0644",
"owner": "root",
"size": 4,
"src": "/root/.ansible/tmp/ansible-tmp-1620104540.69-1495-126158876250279/source",
"state": "file",
"uid": 0
}
- File模块的使用
创建文件或目录、删除文件或目录、修改文件权限
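# Ad-hoc examples for the file module; each command runs against every host
# in the inventory. Every example uses its own path so the commands can be
# run in order without colliding with what an earlier one created.

# Create an empty file (or refresh its timestamps if it already exists).
ansible all -m file -a "path=/root/test_1.txt state=touch"
# Create a directory; the state value is spelled "directory".
ansible all -m file -a "path=/root/test_dir state=directory"
# Create a symbolic link at path that points to src (path and src must differ).
ansible all -m file -a "path=/root/test_1.link state=link src=/root/test_1.txt"
# Change the permissions of an existing file so only its owner can read and write it.
ansible all -m file -a "path=/root/test_1.txt mode=0600"
# Delete the file on the remote hosts.
ansible all -m file -a "path=/root/test_1.txt state=absent"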
- blockinfile模块
向远程文件中插入一段被标记的文本,修改脚本重启服务,标记可以便于删除或者修改
ansible all -m blockinfile -a 'path=/testdir/test.sh block="systemctl restart nginx" '
- find模块的使用
查找远程主机上符合条件的文件
ansible all -m find -a 'paths=/root contains="test.*" '
# contains按正则表达式匹配文件内容: 查找/root下内容中含有test字样的所有文件
- replace替换模块
替换文本中的内容类似sed命令
ansible all -m replace -a 'path=/root/test.txt regexp="I" replace=i'
# 把文件中所有大写I替换成小写的i
- Command模块
主要用于远程主机命令的执行
[root@localhost ~]# ansible all -m command -a "date"
192.168.126.137 | CHANGED | rc=0 >>
2021年 05月 04日 星期二 14:15:32 CST
192.168.126.136 | CHANGED | rc=0 >>
2021年 05月 04日 星期二 14:15:32 CST
[root@localhost ~]# ansible all -m command -a "ping -c 1 www.baidu.com"
192.168.126.136 | CHANGED | rc=0 >>
PING www.a.shifen.com (36.152.44.95) 56(84) bytes of data.
64 bytes from localhost (36.152.44.95): icmp_seq=1 ttl=128 time=20.0 ms
--- www.a.shifen.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 20.065/20.065/20.065/0.000 ms
192.168.126.137 | CHANGED | rc=0 >>
PING www.a.shifen.com (36.152.44.96) 56(84) bytes of data.
64 bytes from localhost (36.152.44.96): icmp_seq=1 ttl=128 time=22.6 ms
--- www.a.shifen.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 22.635/22.635/22.635/0.000 ms
- yum模块
主要用于yum仓库的软件安装,升级,卸载等操作
[root@localhost ~]# ansible all -m yum -a "name=sysstat,screen state=installed"
192.168.126.137 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true
192.168.126.136 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true
- user模块
主要操作系统的用户,组,权限,密码等操作
[root@localhost ~]# ansible all -m user -a "name=xiaolong home=/home/xiaolong"
192.168.126.137 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 1000,
"home": "/home/xiaolong",
"name": "xiaolong",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1000
}
192.168.126.136 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"comment": "",
"create_home": true,
"group": 1000,
"home": "/home/xiaolong",
"name": "xiaolong",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 1000
}
- cron模块
主要添加,删除,修改系统crontab任务计划
[root@localhost ~]# ansible all -m cron -a "name='Ntpdata server for sync time' state=absent"
192.168.126.136 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"envs": [],
"jobs": []
}
192.168.126.137 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"envs": [],
"jobs": []
}
- service模块或者systemd模块
主要用于远程服务器的开启,停止,重启,重新加载等操作
ansible all -m service -a "name=httpd state=restarted"
[root@localhost ~]# ansible all -m service -a "name=network args=eth32 state=restarted"
[WARNING]: Ignoring "args" as it is not used in "systemd"
[WARNING]: Ignoring "args" as it is not used in "systemd"
192.168.126.136 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"name": "network",
"state": "started",
"status": {
"ActiveEnterTimestamp": "日 2021-05-02 15:08:44 CST",
"ActiveEnterTimestampMonotonic": "12419415198",
"ActiveExitTimestamp": "日 2021-05-02 15:08:41 CST",
"ActiveExitTimestampMonotonic": "12416052094",
"ActiveState": "active",
"After": "NetworkManager.service ip6tables.service network-pre.target iptables.service NetworkManager-wait-online.service system.slice systemd-journald.socket basic.target",
"AllowIsolate": "no",
"AmbientCapabilities": "0",
"AssertResult": "yes",
"AssertTimestamp": "日 2021-05-02 15:08:41 CST",
"AssertTimestampMonotonic": "12416525250",
192.168.126.137 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"name": "network",
"state": "started",
"status": {
"ActiveEnterTimestamp": "二 2021-05-04 12:29:56 CST",
"ActiveEnterTimestampMonotonic": "9836645",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "active",
"After": "NetworkManager-wait-online.service ip6tables.service basic.target systemd-journald.socket NetworkManager.service network-pre.target iptables.service system.slice",
"AllowIsolate": "no",
"AmbientCapabilities": "0",
"AssertResult": "yes",
"AssertTimestamp": "二 2021-05-04 12:29:56 CST",
"AssertTimestampMonotonic": "9524164",
"Before": "network.target network-online.target multi-user.target shutdown.target
}
}
PlayBooks剧本的编写
- 远程主机源码编译安装nginx服务
vim nginx.yaml
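# Playbook: install the build dependencies, then download, compile and install
# nginx 1.20.0 under /usr/local/nginx on every host in the inventory.
- hosts: all
  remote_user: root
  tasks:
    - name: Pcre-devel and zlib and gcc install
      yum: name=gcc,pcre-devel,pcre,zlib-devel state=installed
    - name: nginx web Server install
      # The steps are chained with && so that a failed download or build step
      # fails the task instead of carrying on to the next command.
      # The tarball is fetched over HTTPS rather than plain HTTP.
      # NOTE(review): the archive is still built without an integrity check;
      # nginx.org publishes a PGP signature (.asc) next to each release
      # tarball that can be verified before the build.
      shell: cd /root && wget https://nginx.org/download/nginx-1.20.0.tar.gz && tar -xf nginx-1.20.0.tar.gz && cd nginx-1.20.0 && ./configure --prefix=/usr/local/nginx && make && make install
      args:
        # Skip the task once the binary exists, so re-running the playbook
        # does not download and rebuild nginx again.
        creates: /usr/local/nginx/sbin/nginx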
[root@localhost ~]# ansible-playbook nginx.yaml
PLAY [all] **************************************************************************************************************************************************
TASK [Gathering Facts] **************************************************************************************************************************************
ok: [192.168.126.136]
ok: [192.168.126.137]
TASK [Pcre-devel and zlib and gcc install] ******************************************************************************************************************
ok: [192.168.126.137]
changed: [192.168.126.136]
TASK [nginx web Server install] *****************************************************************************************************************************
changed: [192.168.126.136]
changed: [192.168.126.137]
PLAY RECAP **************************************************************************************************************************************************
192.168.126.136 : ok=3 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
192.168.126.137 : ok=3 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Ansible的性能优化
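- 关闭SSH主机密钥(host key)检查功能
注意: 关闭后Ansible不再校验被管理主机的身份,首次连接和主机密钥发生变化时都不会提示,无法发现中间人攻击,只适合隔离的测试环境;生产环境建议保持开启,并预先把被管理主机的公钥写入known_hosts
vim /etc/ansible/ansible.cfg
[defaults]
host_key_checking = False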
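- OpenSSH的优化
把UseDNS从yes改为no,关闭sshd对客户端地址的DNS反向解析,加快连接建立(UseDNS是sshd服务端选项,在被管理主机上修改,改完需重启sshd;关闭后authorized_keys的from=和Match Host只能按IP地址匹配)
vim /etc/ssh/sshd_config
UseDNS no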
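- 使用SSH pipelining加速 Ansible
pipelining是Ansible自身的配置项,写在ansible.cfg的[ssh_connection]段;通过sudo提权时,要求被管理主机的sudoers没有启用requiretty
vim /etc/ansible/ansible.cfg
[ssh_connection]
pipelining = True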