一、基础介绍
==========================================================================================
1、简介
ansible是新出现的自动化运维工具,基于Python开发,集合了众多运维工具(puppet、cfengine、chef、func、fabric)的优点,实现了批量系统配置、批量程序部署、批量运行命令等功能。ansible是基于模块工作的,本身没有批量部署的能力。真正具有批量部署的是ansible所运行的模块,ansible只是提供一种框架。主要包括:
(1)、连接插件connection plugins:负责和被监控端实现通信;
(2)、host inventory:指定操作的主机,是一个配置文件里面定义监控的主机;
(3)、各种模块核心模块、command模块、自定义模块;
(4)、借助于插件完成记录日志邮件等功能;
(5)、playbook:剧本执行多个任务时,非必需可以让节点一次性运行多个任务。
2、总体架构
上图为ansible的基本架构,从上图可以了解到其由以下部分组成:
- 核心:ansible
- 核心模块(Core Modules):这些都是ansible自带的模块
- 扩展模块(Custom Modules):如果核心模块不足以完成某种功能,可以添加扩展模块
- 插件(Plugins):完成模块功能的补充
- 剧本(Playbooks):ansible的任务配置文件,将多个任务定义在剧本中,由ansible自动执行
- 连接插件(Connectior Plugins):ansible基于连接插件连接到各个主机上,虽然ansible是使用ssh连接到各个主机的,但是它还支持其他的连接方法,所以需要有连接插件
- 主机群(Host Inventory):定义ansible管理的主机
3、特性
(1)、no agents:不需要在被管控主机上安装任何客户端;
(2)、no server:无服务器端,使用时直接运行命令即可;
(3)、modules in any languages:基于模块工作,可使用任意语言开发模块;
(4)、yaml,not code:使用yaml语言定制剧本playbook;
(5)、ssh by default:基于SSH工作;
(6)、strong multi-tier solution:可实现多级指挥。
4、优点
(1)、轻量级,无需在客户端安装agent,更新时,只需在操作机上进行一次更新即可;
(2)、批量任务执行可以写成脚本,而且不用分发到远程就可以执行;
(3)、使用python编写,维护更简单,ruby语法过于复杂;
(4)、支持sudo。
5、任务执行流程
以上是从网上找到的两张ansible工作原理图,两张图基本都是在架构图的基本上进行的拓展。从上面的图上可以了解到:
1、管理端支持local 、ssh、zeromq 三种方式连接被管理端,默认使用基于ssh的连接---这部分对应基本架构图中的连接模块;
2、可以按应用类型等方式进行Host Inventory(主机群)分类,管理节点通过各类模块实现相应的操作---单个模块,单条命令的批量执行,我们可以称之为ad-hoc;
3、管理节点可以通过playbooks 实现多个task的集合实现一类功能,如web服务的安装部署、数据库服务器的批量备份等。playbooks我们可以简单的理解为,系统通过组合多条ad-hoc操作的配置文件 。
二、Ansible基础安装与配置(centos6.5环境)
==========================================================================================
1、Ansible基础安装
(1)、python2.7安装
https://www.python.org/ftp/python/2.7.8/Python-2.7.8.tgz
# tar xvzf Python-2.7.8.tgz
# cd Python-2.7.8
# ./configure --prefix=/usr/local
# make --jobs=`grep processor/proc/cpuinfo | wc -l`
# make install
## 将python头文件拷贝到标准目录,以避免编译ansible时,找不到所需的头文件
# cd /usr/local/include/python2.7
# cp -a ./* /usr/local/include/
## 备份旧版本的python,并符号链接新版本的python
# cd /usr/bin
# mv python python2.6
# ln -s /usr/local/bin/python
## 修改yum脚本,使其指向旧版本的python,已避免其无法运行
# vim /usr/bin/yum
#!/usr/bin/python --> #!/usr/bin/python2.6
(2)、setuptools模块安装
https://pypi.python.org/packages/source/s/setuptools/setuptools-7.0.tar.gz
# tar xvzf setuptools-7.0.tar.gz
# cd setuptools-7.0
# python setup.py install
(3)、pycrypto模块安装
https://pypi.python.org/packages/source/p/pycrypto/pycrypto-2.6.1.tar.gz
# tar xvzf pycrypto-2.6.1.tar.gz
# cd pycrypto-2.6.1
# python setup.py install
(4)、PyYAML模块安装
http://pyyaml.org/download/libyaml/yaml-0.1.5.tar.gz
# tar xvzf yaml-0.1.5.tar.gz
# cd yaml-0.1.5
# ./configure --prefix=/usr/local
# make --jobs=`grep processor/proc/cpuinfo | wc -l`
# make install
https://pypi.python.org/packages/source/P/PyYAML/PyYAML-3.11.tar.gz
# tar xvzf PyYAML-3.11.tar.gz
# cd PyYAML-3.11
# python setup.py install
(5)、Jinja2模块安装
https://pypi.python.org/packages/source/M/MarkupSafe/MarkupSafe-0.9.3.tar.gz
# tar xvzf MarkupSafe-0.9.3.tar.gz
# cd MarkupSafe-0.9.3
# python setup.py install
https://pypi.python.org/packages/source/J/Jinja2/Jinja2-2.7.3.tar.gz
# tar xvzf Jinja2-2.7.3.tar.gz
# cd Jinja2-2.7.3
# python setup.py install
(6)、paramiko模块安装
https://pypi.python.org/packages/source/e/ecdsa/ecdsa-0.11.tar.gz
# tar xvzf ecdsa-0.11.tar.gz
# cd ecdsa-0.11
# python setup.py install
https://pypi.python.org/packages/source/p/paramiko/paramiko-1.15.1.tar.gz
# tar xvzf paramiko-1.15.1.tar.gz
# cd paramiko-1.15.1
# python setup.py install
(7)、simplejson模块安装
https://pypi.python.org/packages/source/s/simplejson/simplejson-3.6.5.tar.gz
# tar xvzf simplejson-3.6.5.tar.gz
# cd simplejson-3.6.5
# python setup.py install
(8)、ansible安装
https://github.com/ansible/ansible/archive/v1.7.2.tar.gz
# tar xvzf ansible-1.7.2.tar.gz
# cd ansible-1.7.2
# python setup.py install
2、Ansible配置
(1)、SSH免密钥登录设置
## 生成公钥/私钥
# ssh-keygen -t rsa -P ''
## 写入信任文件(将/root/.ssh/id_rsa_storm1.pub分发到其他服务器,并在所有服务器上执行如下指令):
# cat /root/.ssh/id_rsa_storm1.pub >> /root/.ssh/authorized_keys
# chmod 600 /root/.ssh/authorized_keys
|
一、基础介绍
==========================================================================================
1、简介
ansible是新出现的自动化运维工具,基于Python开发,集合了众多运维工具(puppet、cfengine、chef、func、fabric)的优点,实现了批量系统配置、批量程序部署、批量运行命令等功能。ansible是基于模块工作的,本身没有批量部署的能力。真正具有批量部署的是ansible所运行的模块,ansible只是提供一种框架。主要包括:
(1)、连接插件connection plugins:负责和被监控端实现通信;
(2)、host inventory:指定操作的主机,是一个配置文件里面定义监控的主机;
(3)、各种模块核心模块、command模块、自定义模块;
(4)、借助于插件完成记录日志邮件等功能;
(5)、playbook:剧本执行多个任务时,非必需可以让节点一次性运行多个任务。
2、总体架构
3、特性
(1)、no agents:不需要在被管控主机上安装任何客户端;
(2)、no server:无服务器端,使用时直接运行命令即可;
(3)、modules in any languages:基于模块工作,可使用任意语言开发模块;
(4)、yaml,not code:使用yaml语言定制剧本playbook;
(5)、ssh by default:基于SSH工作;
(6)、strong multi-tier solution:可实现多级指挥。
4、优点
(1)、轻量级,无需在客户端安装agent,更新时,只需在操作机上进行一次更新即可;
(2)、批量任务执行可以写成脚本,而且不用分发到远程就可以执行;
(3)、使用python编写,维护更简单,ruby语法过于复杂;
(4)、支持sudo。
5、任务执行流程
说明:
(1)、以上内容大多是基于他人分享的基础上总结而来,学习借鉴之用;
(2)、本次安装基于 CentOS 6.5系统环境。
==========================================================================================
二、Ansible基础安装与配置
==========================================================================================
1、Ansible基础安装
(1)、python2.7安装
https://www.python.org/ftp/python/2.7.8/Python-2.7.8.tgz
# tar xvzf Python-2.7.8.tgz
# cd Python-2.7.8
# ./configure --prefix=/usr/local
# make --jobs=`grep processor/proc/cpuinfo | wc -l`
# make install
## 将python头文件拷贝到标准目录,以避免编译ansible时,找不到所需的头文件
# cd /usr/local/include/python2.7
# cp -a ./* /usr/local/include/
## 备份旧版本的python,并符号链接新版本的python
# cd /usr/bin
# mv python python2.6
# ln -s /usr/local/bin/python
## 修改yum脚本,使其指向旧版本的python,已避免其无法运行
# vim /usr/bin/yum
#!/usr/bin/python --> #!/usr/bin/python2.6
(2)、setuptools模块安装
https://pypi.python.org/packages/source/s/setuptools/setuptools-7.0.tar.gz
# tar xvzf setuptools-7.0.tar.gz
# cd setuptools-7.0
# python setup.py install
(3)、pycrypto模块安装
https://pypi.python.org/packages/source/p/pycrypto/pycrypto-2.6.1.tar.gz
# tar xvzf pycrypto-2.6.1.tar.gz
# cd pycrypto-2.6.1
# python setup.py install
(4)、PyYAML模块安装
http://pyyaml.org/download/libyaml/yaml-0.1.5.tar.gz
# tar xvzf yaml-0.1.5.tar.gz
# cd yaml-0.1.5
# ./configure --prefix=/usr/local
# make --jobs=`grep processor/proc/cpuinfo | wc -l`
# make install
https://pypi.python.org/packages/source/P/PyYAML/PyYAML-3.11.tar.gz
# tar xvzf PyYAML-3.11.tar.gz
# cd PyYAML-3.11
# python setup.py install
(5)、Jinja2模块安装
https://pypi.python.org/packages/source/M/MarkupSafe/MarkupSafe-0.9.3.tar.gz
# tar xvzf MarkupSafe-0.9.3.tar.gz
# cd MarkupSafe-0.9.3
# python setup.py install
https://pypi.python.org/packages/source/J/Jinja2/Jinja2-2.7.3.tar.gz
# tar xvzf Jinja2-2.7.3.tar.gz
# cd Jinja2-2.7.3
# python setup.py install
(6)、paramiko模块安装
https://pypi.python.org/packages/source/e/ecdsa/ecdsa-0.11.tar.gz
# tar xvzf ecdsa-0.11.tar.gz
# cd ecdsa-0.11
# python setup.py install
https://pypi.python.org/packages/source/p/paramiko/paramiko-1.15.1.tar.gz
# tar xvzf paramiko-1.15.1.tar.gz
# cd paramiko-1.15.1
# python setup.py install
(7)、simplejson模块安装
https://pypi.python.org/packages/source/s/simplejson/simplejson-3.6.5.tar.gz
# tar xvzf simplejson-3.6.5.tar.gz
# cd simplejson-3.6.5
# python setup.py install
(8)、ansible安装
https://github.com/ansible/ansible/archive/v1.7.2.tar.gz
# tar xvzf ansible-1.7.2.tar.gz
# cd ansible-1.7.2
# python setup.py install
2、Ansible配置
(1)、SSH免密钥登录设置
## 生成公钥/私钥
# ssh-keygen -t rsa -P ''
## 写入信任文件(将/root/.ssh/id_rsa_storm1.pub分发到其他服务器,并在所有服务器上执行如下指令):
# cat /root/.ssh/id_rsa_storm1.pub >> /root/.ssh/authorized_keys
# chmod 600 /root/.ssh/authorized_keys
(2)、ansible配置
两个核心文件:ansible.cfg和hosts文件,默认都存放在/etc/ansible目录下。
ansible.cfg:主要设置一些ansible初始化的信息,比如日志存放路径、模块、插件等配置信息
hosts:机器清单,进行分组管理
# mkdir -p /etc/ansible
# vim /etc/ansible/ansible.cfg
……
remote_port = 36000
private_key_file = /root/.ssh/id_rsa_storm1
……
## 主机组定义
# vim /etc/ansible/hosts
# config file for ansible -- http://ansible.com/
# ==============================================
# nearly all parameters can be overridden in ansible-playbook
# or with command line flags. ansible will read ANSIBLE_CONFIG,
# ansible.cfg in the current working directory, .ansible.cfg in
# the home directory or /etc/ansible/ansible.cfg, whichever it
# finds first
[defaults] --->通用默认配置
# some basic default values...
inventory = /etc/ansible/hosts 这个是默认库文件位置,脚本,或者存放可通信主机的目录
#library = /usr/share/my_modules/ Ansible默认搜寻模块的位置
remote_tmp = $HOME/.ansible/tmp Ansible 通过远程传输模块到远程主机,然后远程执行,执行后在清理现场.在有些场景下,你也许想使用默认路径希望像更换补丁一样使用
pattern = * 如果没有提供“hosts”节点,这是playbook要通信的默认主机组.默认值是对所有主机通信
forks = 5 在与主机通信时的默认并行进程数 ,默认是5d
poll_interval = 15 当具体的poll interval 没有定义时,多少时间回查一下这些任务的状态, 默认值是5秒
sudo_user = root sudo使用的默认用户 ,默认是root
#ask_sudo_pass = True 用来控制Ansible playbook 在执行sudo之前是否询问sudo密码.默认为no
#ask_pass = True 控制Ansible playbook 是否会自动默认弹出密码
transport = smart 通信机制.默认 值为’smart’。如果本地系统支持 ControlPersist技术的话,将会使用(基于OpenSSH)‘ssh’,如果不支持讲使用‘paramiko’.其他传输选项包括‘local’, ‘chroot’,’jail’等等
#remote_port = 22 远程SSH端口。 默认是22
module_lang = C 模块和系统之间通信的计算机语言,默认是C语言
# plays will gather facts by default, which contain information about
# the remote system.
#
# smart - gather by default, but don't regather if already gathered
# implicit - gather by default, turn off with gather_facts: False
# explicit - do not gather by default, must say gather_facts: True
gathering = implicit 控制默认facts收集(远程系统变量). 默认值为’implicit’, 每一次play,facts都会被收集
# additional paths to search for roles in, colon separated
#roles_path = /etc/ansible/roles roles 路径指的是’roles/’下的额外目录,用于playbook搜索Ansible roles
# uncomment this to disable SSH key host checking
#host_key_checking = False 检查主机密钥
# change this for alternative sudo implementations
sudo_exe = sudo 如果在其他远程主机上使用另一种方式执sudu操作.可以使用该参数进行更换
# what flags to pass to sudo 传递sudo之外的参数
#sudo_flags = -H
# SSH timeout SSH超时时间
timeout = 10
# default user to use for playbooks if user is not specified
# (/usr/bin/ansible will use current user as default)
#remote_user = root 使用/usr/bin/ansible-playbook链接的默认用户名,如果不指定,会使用当前登录的用户名
# logging is off by default unless this path is defined
# if so defined, consider logrotate
#log_path = /var/log/ansible.log 日志文件存放路径
# default module name for /usr/bin/ansible
#module_name = command ansible命令执行默认的模块
# use this shell for commands executed under sudo
# you may need to change this to bin/bash in rare instances
# if sudo is constrained
#executable = /bin/sh 在sudo环境下产生一个shell交互接口. 用户只在/bin/bash的或者sudo限制的一些场景中需要修改
# if inventory variables overlap, does the higher precedence one win
# or are hash values merged together? The default is 'replace' but
# this can also be set to 'merge'.
#hash_behaviour = replace 特定的优先级覆盖变量
# list any Jinja2 extensions to enable here:
#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n 允许开启Jinja2拓展模块
# if set, always use this private key file for authentication, same as
# if passing --private-key to ansible or ansible-playbook
#private_key_file = /path/to/file 私钥文件存储位置
# format of string {{ ansible_managed }} available within Jinja2
# templates indicates to users editing templates files will be replaced.
# replacing {file}, {host} and {uid} and strftime codes with proper values.
ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host} 这个设置可以告知用户,Ansible修改了一个文件,并且手动写入的内容可能已经被覆盖.
# by default, ansible-playbook will display "Skipping [host]" if it determines a task
# should not be run on a host. Set this to "False" if you don't want to see these "Skipping"
# messages. NOTE: the task header will still be shown regardless of whether or not the
# task is skipped.
#display_skipped_hosts = True 显示任何跳过任务的状态 ,默认是显示
# by default (as of 1.3), Ansible will raise errors when attempting to dereference
# Jinja2 variables that are not set in templates or action lines. Uncomment this line
# to revert the behavior to pre-1.3.
#error_on_undefined_vars = False 如果所引用的变量名称错误的话, 将会导致ansible在执行步骤上失败
# by default (as of 1.6), Ansible may display warnings based on the configuration of the
# system running ansible itself. This may include warnings about 3rd party packages or
# other conditions that should be resolved if possible.
# to disable these warnings, set the following value to False:
#system_warnings = True 允许禁用系统运行ansible相关的潜在问题警告
# by default (as of 1.4), Ansible may display deprecation warnings for language
# features that should no longer be used and will be removed in future versions.
# to disable these warnings, set the following value to False:
#deprecation_warnings = True 允许在ansible-playbook输出结果中禁用“不建议使用”警告
# (as of 1.8), Ansible can optionally warn when usage of the shell and
# command module appear to be simplified by using a default Ansible module
# instead. These warnings can be silenced by adjusting the following
# setting or adding warn=yes or warn=no to the end of the command line
# parameter string. This will for example suggest using the git module
# instead of shelling out to the git command.
# command_warnings = False 当shell和命令行模块被默认模块简化的时,Ansible 将默认发出警告
# set plugin path directories here, separate with colons
action_plugins = /usr/share/ansible_plugins/action_plugins
callback_plugins = /usr/share/ansible_plugins/callback_plugins
connection_plugins = /usr/share/ansible_plugins/connection_plugins
lookup_plugins = /usr/share/ansible_plugins/lookup_plugins
vars_plugins = /usr/share/ansible_plugins/vars_plugins
filter_plugins = /usr/share/ansible_plugins/filter_plugins
# by default callbacks are not loaded for /bin/ansible, enable this if you
# want, for example, a notification or logging callback to also apply to
# /bin/ansible runs
#bin_ansible_callbacks = False 用来控制callback插件是否在运行 /usr/bin/ansible 的时候被加载. 这个模块将用于命令行的日志系统,发出通知等特性
# don't like cows? that's unfortunate.
# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1
#nocows = 1 默认ansible可以调用一些cowsay的特性 开启/禁用:0/1
# don't like colors either?
# set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1
#nocolor = 1 输出带上颜色区别, 开启/关闭:0/1
# the CA certificate path used for validating SSL certs. This path
# should exist on the controlling node, not the target nodes
# common locations:
# RHEL/CentOS: /etc/pki/tls/certs/ca-bundle.crt
# Fedora : /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
# Ubuntu : /usr/share/ca-certificates/cacert.org/cacert.org.crt
#ca_file_path =
# the http user-agent string to use when fetching urls. Some web server
# operators block the default urllib user agent as it is frequently used
# by malicious attacks/scripts, so we set it to something unique to
# avoid issues.
#http_user_agent = ansible-agent
# if set to a persistent type (not 'memory', for example 'redis') fact values
# from previous runs in Ansible will be stored. This may be useful when
# wanting to use, for example, IP information from one group of servers
# without having to talk to them in the same playbook run to get their
# current IP information.
fact_caching = memory
# retry files
#retry_files_enabled = False
#retry_files_save_path = ~/.ansible-retry
[privilege_escalation]
#become=True
#become_method=sudo
#become_user=root
#become_ask_pass=False
[paramiko_connection]
# uncomment this line to cause the paramiko connection plugin to not record new host
# keys encountered. Increases performance on new host additions. Setting works independently of the
# host key checking setting above.
#record_host_keys=False
# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this
# line to disable this behaviour.
#pty=False
[ssh_connection]
# ssh arguments to use
# Leaving off ControlPersist will result in poor performance, so use
# paramiko on older platforms rather than removing it
#ssh_args = -o ControlMaster=auto -o ControlPersist=60s
# The path to use for the ControlPath sockets. This defaults to
# "%(directory)s/ansible-ssh-%%h-%%p-%%r", however on some systems with
# very long hostnames or very long path names (caused by long user names or
# deeply nested home directories) this can exceed the character limit on
# file socket names (108 characters for most platforms). In that case, you
# may wish to shorten the string below.
#
# Example:
# control_path = %(directory)s/%%h-%%r
#control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r
# Enabling pipelining reduces the number of SSH operations required to
# execute a module on the remote server. This can result in a significant
# performance improvement when enabled, however when using "sudo:" you must
# first disable 'requiretty' in /etc/sudoers
#
# By default, this option is disabled to preserve compatibility with
# sudoers configurations that have requiretty (the default on many distros).
#
#pipelining = False
# if True, make ansible use scp if the connection type is ssh
# (default is sftp)
#scp_if_ssh = True
[accelerate]
accelerate_port = 5099
accelerate_timeout = 30
accelerate_connect_timeout = 5.0
# The daemon timeout is measured in minutes. This time is measured
# from the last activity to the accelerate daemon.
accelerate_daemon_timeout = 30
# If set to yes, accelerate_multi_key will allow multiple
# private keys to be uploaded to it, though each user must
# have access to the system via SSH to add a new key. The default
# is "no".
#accelerate_multi_key = yes
[selinux]
# file systems that require special treatment when dealing with security context
# the default behaviour that copies the existing context or uses the user default
# needs to be changed to use the file system dependant context.
#special_context_filesystems=nfs,vboxsf,fuse
-------------------------------------------------------------------------------------------------------------------------------
简易配置:
[defaults]
inventory = /etc/ansible/hosts
sudo_user=root
remote_port=22
host_key_checking=False
remote_user=root
log_path=/var/log/ansible.log
module_name=command
private_key_file=/root/.ssh/id_rsa
no_log:True
--------------------------------------------------------------------------------------------------
2.hosts
# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
# - Comments begin with the '#' character
# - Blank lines are ignored
# - Groups of hosts are delimited by [header] elements
# - You can enter hostnames or ip addresses
# - A hostname/ip can be a member of multiple groups
# Ex 1: Ungrouped hosts, specify before any group headers.
green.example.com
blue.example.com
192.168.100.1
192.168.100.10
# Ex 2: A collection of hosts belonging to the 'webservers' group
[webservers]
alpha.example.org
beta.example.org
192.168.1.100
192.168.1.110
# If you have multiple hosts following a pattern you can specify
# them like this:
www[001:006].example.com
# Ex 3: A collection of database servers in the 'dbservers' group
[dbservers]
db01.intranet.mydomain.net
db02.intranet.mydomain.net
10.25.1.56
10.25.1.57
# Here's another example of host ranges, this time there are no
# leading 0s:
db-[99:101]-node.example.com
------------------------------------------------------------------------------------------------------------------------
(参考资料:http://www.ansible.com.cn/docs/intro_configuration.html#environmental-configuration)
(3)、简单测试
# ansible storm_cluster -m command -a 'uptime'
查看远程主机的基本信息
ping测试:
(3)、file
## 设置文件的属性
相关选项如下:
force:需要在两种情况下强制创建软链接,一种是源文件不存在,但之后会建立的情况下;另一种是目标软链接已存在,需要先取消之前的软链,然后创建新的软链,有两个选项:yes|no
group:定义文件/目录的属组
mode:定义文件/目录的权限
owner:定义文件/目录的属主
path:必选项,定义文件/目录的路径
recurse:递归设置文件的属性,只对目录有效
src:被链接的源文件路径,只应用于state=link的情况
dest:被链接到的路径,只应用于state=link的情况
state:
directory:如果目录不存在,就创建目录
file:即使文件不存在,也不会被创建
link:创建软链接
hard:创建硬链接
touch:如果文件不存在,则会创建一个新的文件,如果文件或目录已存在,则更新其最后修改时间
absent:删除目录、文件或者取消链接文件
示例:
## 远程文件符号链接创建
# ansible storm_cluster -m file -a "src=/etc/resolv.conf dest=/tmp/resolv.conf state=link"
## 远程文件信息查看
# ansible storm_cluster -m command -a "ls-al /tmp/resolv.conf"
## 远程文件符号链接删除
## 远程文件信息查看
# ansible storm_cluster -m command -a "ls -al /tmp/resolv.conf"
说明:如上显示,代表文件或链接已经删除。
(4)、copy
## 复制文件到远程主机
相关选项如下:
backup:在覆盖之前,将源文件备份,备份文件包含时间信息。有两个选项:yes|no
content:用于替代“src”,可以直接设定指定文件的值
dest:必选项。要将源文件复制到的远程主机的绝对路径,如果源文件是一个目录,那么该路径也必须是个目录
directory_mode:递归设定目录的权限,默认为系统默认权限
force:如果目标主机包含该文件,但内容不同,如果设置为yes,则强制覆盖,如果为no,则只有当目标主机的目标位置不存在该文件时,才复制。默认为yes
others:所有的file模块里的选项都可以在这里使用
src:被复制到远程主机的本地文件,可以是绝对路径,也可以是相对路径。如果路径是一个目录,它将递归复制。在这种情况下,如果路径使用“/”来结尾,则只复制目录里的内容,如果没有使用“/”来结尾,则包含目录在内的整个内容全部复制,类似于rsync。
示例:
## 将本地文件“/etc/ansible/ansible.cfg”复制到远程服务器
# ansible storm_cluster -m copy -a "src=/etc/ansible/ansible.cfg dest=/tmp/ansible.cfg owner=root group=root mode=0644"
## 远程文件信息查看
# ansible storm_cluster -m command -a "ls -al /tmp/ansible.cfg"
(5)、command
## 在远程主机上执行命令
相关选项如下:
creates:一个文件名,当该文件存在,则该命令不执行
free_form:要执行的linux指令
chdir:在执行指令之前,先切换到该目录
removes:一个文件名,当该文件不存在,则该选项不执行
executable:切换shell来执行指令,该执行路径必须是一个绝对路径
示例:
# ansible storm_cluster -m command -a "uptime"
(6)、shell
## 切换到某个shell执行指定的指令,参数与command相同。
与command不同的是,此模块可以支持命令管道,同时还有另一个模块也具备此功能:raw
示例:
## 先在本地创建一个SHELL脚本
# vim /tmp/rocketzhang_test.sh
#!/bin/sh
date +%F_%H:%M:%S
#chmod +x /tmp/rocketzhang_test.sh
## 将创建的脚本文件分发到远程
# ansible storm_cluster -m copy -a "src=/tmp/rocketzhang_test.sh dest=/tmp/litest.sh owner=root group=root mode=0755"
## 远程执行
# ansible storm_cluster -m shell -a "/tmp/litest.sh"
(7)、更多模块
其他常用模块,比如:service、cron、yum、synchronize就不一一例举,可以结合自身的系统环境进行测试。
service:系统服务管理
cron:计划任务管理
yum:yum软件包安装管理
synchronize:使用rsync同步文件
user:系统用户管理
group:系统用户组管理
更多模块可以参考:
#ansible-doc –l
http://docs.ansible.com/modules_by_category.html
(国内的一个镜像站点,避免被墙 ^_^ )
(8)、一些概念补充
playbook的组成:playbook是由一个或多个“play”组成的列表,可以让它们联同起来按事先编排的机制执行;所谓task无非是调用ansible的一个module,而在模块参数中可以使用变量;模块执行是幂等的,这意味着多次执行是安全的,因为其结果均一致;
执行模型:task list中的各任务按次序逐个在hosts中指定的所有主机上执行,即在所有主机上完成第一个任务后再开始第二个。在顺序运行某playbook时,如果中途发生错误,所有已执行任务都将回滚,因此,在修改playbook后重新执行一次即可;
task组成:每个task都应该有其name,用于playbook的执行结果输出,建议其内容尽可能清晰地描述任务执行步骤。如果未提供name,则action的结果将用于输出;
notify指定handler的执行机制:“notify”这个action可用于在每个play的最后被触发,在notify中列出的操作称为handler,仅在所有的变化发生完成后一次性地执行指定操作。
三、后续工作
==========================================================================================
1、深入学习ansible的playbook以及扩展模块;
2、 结合业务环境,初步实现基础监控,以取代目前调用自动化部署平台API的方式;
3、 尝试自动化运维工具saltstack,并将其与ansible进行对比。
一些学习资料:
http://blog.xiaorui.cc/category/ansible/
http://lixcto.blog.51cto.com/4834175/d-4
https://github.com/ansible/ansible-examples
http://rfyiamcool.blog.51cto.com/1030776/d-51
http://dl528888.blog.51cto.com/2382721/d-4/p-1
http://edu.51cto.com/course/course_id-2220.html
http://edu.51cto.com/course/course_id-2032.html