ansible基础
- 安装
# 查看ansible有哪些可用版本
[root@localhost day03] pip3 install ansible==
# 在线安装2.7.2(课程所用的旧版本;实际环境请安装仍在维护的版本)
[root@localhost day03] pip3 install ansible==2.7.2
- 环境配置
[root@localhost day03] mkdir myansible
[root@localhost day03] cd myansible/
[root@localhost myansible] vim ansible.cfg
[defaults]
inventory = hosts
remote_user = root
[root@localhost myansible] vim hosts
[dbservers]
db1
[webservers]
web1
[root@localhost myansible] vim /etc/hosts
192.168.113.131 db1
192.168.113.133 web1
[root@localhost myansible] ping db1
[root@localhost myansible] ping web1
# 配置免密登录到各台主机(直接以root登录仅适合实验环境;实际环境建议像后文那样使用普通用户加become提权,并为ssh-keygen生成的私钥设置口令)
[root@localhost myansible] ssh-keygen
[root@localhost myansible] ssh-copy-id root@192.168.113.131
[root@localhost myansible] ssh-copy-id root@192.168.113.133
- 远程管理方法一:adhoc临时命令
# 语法
ansible 主机清单 -m 模块 -a "参数"
[root@localhost myansible] ansible all -m ping
[root@localhost myansible] ansible all -m shell -a "id root"
- 远程管理方法二:playbook
# 为了书写yaml的方便,先修改vim的配置
[root@localhost myansible] vim ~/.vimrc
autocmd FileType yaml setlocal ai et sw=2 ts=2
[root@localhost myansible] vim lamp.yml
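---
# lamp.yml: two plays, one per inventory group.
# Indentation is significant in YAML: tasks sit under "tasks:", and each
# module's arguments are nested under the module name.

# Play 1: install MariaDB on the dbservers group and keep it running.
- name: configure dbservers
  hosts: dbservers
  tasks:
    - name: install mariadb-server
      yum:
        name: mariadb-server
        state: present

    # NOTE(review): this play only starts the service; it sets no database
    # root password, so harden MariaDB before using it outside a lab.
    - name: configure mariadb
      service:
        name: mariadb
        state: started
        enabled: yes

# Play 2: install Apache with PHP on the webservers group and keep it running.
- name: configure webservers
  hosts: webservers
  tasks:
    - name: install httpd
      yum:
        # Written as a YAML list rather than one comma-separated string;
        # the yum module accepts both and installs the same three packages.
        name:
          - httpd
          - php
          - php-mysql
        state: present

    - name: configure httpd
      service:
        name: httpd
        state: started
        enabled: yes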
# 语法检查
[root@localhost myansible] ansible-playbook --syntax-check lamp.yml
# 执行playbook
[root@localhost myansible] ansible-playbook lamp.yml
ansible编程之adhoc
- 命名的元组
- 仍然是元组,拥有元组的特性
- 为元组的每个下标命名,可以通过下标的名字得到值
>>> import collections
>>> Point = collections.namedtuple('Point', ('x', 'y', 'z'))
>>> a = Point(10, 15, 8)
>>> type(a)
<class '__main__.Point'>
>>> a[0]
10
>>> len(a)
3
>>> a[1:]
(15, 8)
>>> a.x
10
>>> a.y
15
>>> a.z
8
- 如果ssh远程到目标主机时,使用的是普通用户,需要提权才能执行管理命令,例:
[root@localhost myansible] vim ansible.cfg
[defaults]
inventory = hosts
remote_user = tom
[privilege_escalation]
become = yes
become_method = sudo
become_user = root
# 每台目标主机需要配置sudo(NOPASSWD: ALL 相当于让tom无需口令即可获得root权限,因此tom账号及其SSH私钥要按root同等级别保护)
[root@localhost myansible] visudo
tom ALL=(ALL) NOPASSWD: ALL
- 手工将yaml文件转成python数据类型
[root@localhost myansible]# vim lamp.yml
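---
# lamp.yml: a list of two plays; each play is a mapping with "name",
# "hosts" and "tasks", and each task maps a module name to its arguments.

# Play 1: install MariaDB on the dbservers group and keep it running.
- name: configure dbservers
  hosts: dbservers
  tasks:
    - name: install mariadb-server
      yum:
        name: mariadb-server
        state: present

    - name: configure mariadb
      service:
        name: mariadb
        state: started
        enabled: yes

# Play 2: install Apache with PHP on the webservers group and keep it running.
- name: configure webservers
  hosts: webservers
  tasks:
    - name: install httpd
      yum:
        # A YAML list, matching the list used for this field in the
        # hand-converted Python structure that follows this listing.
        name:
          - httpd
          - php
          - php-mysql
        state: present

    - name: configure httpd
      service:
        name: httpd
        state: started
        enabled: yes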
转成python的数据类型(手工整理的结构;若直接用YAML解析器加载,`enabled: yes` 得到的是布尔值 True 而不是字符串 'yes'):
[
{
'name': 'configure dbservers',
'hosts': 'dbservers',
'tasks': [
{
'name': 'install mariadb-server',
'yum': {
'name': 'mariadb-server',
'state': 'present'
}
},
{
'name': 'configure mariadb',
'service': {
'name': 'mariadb',
'state': 'started',
'enabled': 'yes'
}
}
]
},
{
'name': 'configure webservers',
'hosts': 'webservers',
'tasks': [
{
'name': 'install httpd',
'yum': {
'name': ['httpd', 'php', 'php-mysql'],
'state': 'present'
}
},
{
'name': 'configure httpd',
'service': {
'name': 'httpd',
'state': 'started',
'enabled': 'yes'
}
}
]
}
]
- ansible加解密
# 加密文件(这里用/etc/passwd的副本做演示;真实的敏感文件不要先以明文放在/tmp这类公共目录下)
[root@localhost myansible] cp /etc/passwd /tmp/mima
[root@localhost myansible] cat /tmp/mima
[root@localhost myansible] ansible-vault encrypt /tmp/mima
New Vault password:
Confirm New Vault password:
Encryption successful
[root@localhost myansible] cat /tmp/mima
# 解密文件
[root@localhost myansible] ansible-vault decrypt /tmp/mima
Vault password:
Decryption successful
[root@localhost myansible] cat /tmp/mima
编写ansible模块
- 声明自定义模块路径
export ANSIBLE_LIBRARY=/opt/mylibs
- 编写用于在远程主机拷贝文件的模块
[root@localhost myansible] vim /opt/mylibs/rcopy.py
import shutil
from ansible.module_utils.basic import AnsibleModule
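def main():
    """Copy a file from one path to another on the managed host.

    Module parameters:
        yuan   -- source path (required, str)
        mubiao -- destination path (required, str)

    On success the module exits through exit_json(changed=True). A failed
    copy is reported through fail_json with a readable message instead of
    surfacing as an uncaught traceback.
    """
    module = AnsibleModule(
        argument_spec=dict(
            yuan=dict(required=True, type='str'),
            mubiao=dict(required=True, type='str')
        )
    )
    src = module.params['yuan']
    dest = module.params['mubiao']

    # Both paths are used exactly as supplied, and the copy runs with the
    # privileges the task has on the target (root when remote_user is root
    # or become is enabled). Anything that user can read can be copied and
    # anything it can write can be overwritten, so the values fed into
    # these two parameters must stay under the operator's control.
    try:
        shutil.copy(src, dest)
    except (IOError, OSError, shutil.Error) as exc:
        module.fail_json(msg='copy %s -> %s failed: %s' % (src, dest, exc))

    # changed is always reported as True: source and destination are not
    # compared, so repeated runs are not idempotent. The built-in copy
    # module with remote_src covers the same use case with change detection.
    module.exit_json(changed=True)


if __name__ == '__main__':
    main()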
- 编写一个用于实现下载的模块
import wget
from ansible.module_utils.basic import AnsibleModule
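def main():
    """Download a URL to a path on the managed host.

    Module parameters:
        url  -- address to fetch (required, str)
        dest -- destination path on the managed host (required, str)

    On success the module exits through exit_json(changed=True). A failed
    download is reported through fail_json with a readable message instead
    of surfacing as an uncaught traceback.
    """
    module = AnsibleModule(
        argument_spec=dict(
            url=dict(required=True, type='str'),
            dest=dict(required=True, type='str')
        )
    )
    url = module.params['url']
    dest = module.params['dest']

    # NOTE(review): nothing here verifies what was downloaded. Over plain
    # http the content can be altered in transit, and the file is written
    # with the task's privileges on the target. For anything beyond a lab,
    # prefer https and a checksum comparison; the built-in get_url module
    # offers a checksum parameter for this.
    try:
        wget.download(url, dest)
    except Exception as exc:
        # Broad on purpose: network, HTTP and filesystem errors arrive as
        # different exception types, and all should become a module failure.
        module.fail_json(msg='download %s -> %s failed: %s' % (url, dest, exc))

    # changed is always reported as True; an existing destination file is
    # not compared with the remote content.
    module.exit_json(changed=True)


if __name__ == '__main__':
    main()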
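# 注意:-m 后应填写上面下载模块保存到 /opt/mylibs 时所用的文件名(rcopy 模块只接受 yuan、mubiao 两个参数),主机名也要与清单一致(前文清单中为 web1);示例地址是明文 http,下载内容在传输中没有完整性保护
[root@localhost myansible] ansible web1.tedu.cn -m rcopy -a "url=http://bj.people.com.cn/NMediaFile/2020/0325/LOCAL202003251946000143788826678.jpg dest=/tmp/yulan.jpg"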
- 在目标主机上安装缺失模块(下载的源码包建议先与PyPI页面公布的SHA256核对,再执行安装)
[root@localhost ~] wget https://files.pythonhosted.org/packages/8e/76/66066b7bc71817238924c7e4b448abdb17eb0c92d645769c223f9ace478f/pip-20.0.2.tar.gz
[root@localhost ~] tar xf pip-20.0.2.tar.gz
[root@localhost ~] cd pip-20.0.2/
[root@localhost pip-20.0.2] python setup.py install
[root@localhost pip-20.0.2] pip install wget
# 重新运行ansible命令,下载文件
通过ansible-cmdb生成web页
# 收集远程主机信息(收集到的facts包含网络、硬件、系统等主机详情;实际使用时应把结果和生成的页面放在受权限保护的目录,而不是/tmp)
[root@localhost myansible] ansible all -m setup --tree /tmp/nsd1910
# 安装ansible-cmdb
[root@localhost myansible] pip3 install ansible-cmdb
# 生成web页面
[root@localhost myansible] which ansible-cmdb
/usr/local/bin/ansible-cmdb
[root@localhost myansible] vim /usr/local/bin/ansible-cmdb
修改第8行为以下格式:
PY_BIN=$(which python3)
[root@localhost myansible] ansible-cmdb /tmp/nsd1910/ > /tmp/hosts.html
[root@localhost myansible] firefox /tmp/hosts.html