Ansible Tool Principles, Part 1
rpm -Uvh http://mirrors.ustc.edu.cn/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum -y install epel-release
yum -y install ansible
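Ansible's default main directory is /etc/ansible/. In it, the hosts file lists the IP addresses or hostnames of the managed machines, ansible.cfg is Ansible's main configuration file, and roles is the path for roles or plugins; that directory is empty by default.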
[root@localhost ~]# cd /etc/ansible/
[root@localhost ansible]# pwd
/etc/ansible
[root@localhost ansible]# ls
ansible.cfg  hosts  roles
[root@localhost ansible]# ll
total 28
-rw-r--r--. 1 root root 19549 Jul 29 04:07 ansible.cfg
-rw-r--r--. 1 root root  1071 Aug 28 13:27 hosts
drwxr-xr-x. 2 root root  4096 Jul 29 04:07 roles
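The default hosts file holds the list of hosts; it supports groups and can define various IP addresses and matching rules.
Ansible does its work through many modules. Commonly used ones include: command, shell, script, yum, copy, file, async, docker, cron, mysql_user, ping, sysctl, user, acl, add_host, easy_install, haproxy and others.
The cases below manage clients with Ansible. Because Ansible manages remote servers over SSH, logging in to a remote server to run commands requires that server's username and password; you can add the -k option to enter the password by hand, or generate a key pair with ssh-keygen for password-free login.
The main options of the Ansible batch management tool are as follows: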
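-v, --verbose                     print verbose output;
-i PATH, --inventory=PATH         path to the hosts file;
-f NUM, --forks=NUM               number of parallel processes to fork, default 5;
-m NAME, --module-name=NAME       module name, default module is command;
-a MODULE_ARGS                    arguments or command for the module;
-k, --ask-pass                    prompt for the password of the managed remote host;
--sudo                            run as a sudo user;
-K, --ask-sudo-pass               prompt for the sudo password, used together with sudo;
-u USERNAME, --user=USERNAME      user to execute as on the remote host;
-C, --check                       test the run without changing real content, a dry run;
-T TIMEOUT                        command execution timeout, default 10 seconds;
--version                         show the Ansible version.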
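1.1 Ansible ping module in practice
The ping module is Ansible's most basic module. It is mainly used to determine whether remote clients are online by pinging the server itself; the return values are changed and ping.
Common enterprise use cases of the Ansible ping module: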
[root@localhost ansible]# ansible all -k -m ping
SSH password:
192.168.92.203 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
192.168.92.201 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
192.168.92.202 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
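1.1 Ansible command module in practice
The command module is Ansible's default module. It is mainly used to run basic Linux commands, covering remote command execution, task execution and similar operations. Command module parameters in detail: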
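chdir        change to this directory before running the command;
creates      when this file exists, the step is not executed;
executable   run the command with a different shell;
free_form    the script to execute;
removes      when this file does not exist, the step is not executed;
warn         if warnings are enabled in ansible.cfg, setting this to False suppresses the warning for this line.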
Common enterprise use cases of the Ansible command module:
Run the date command remotely with the command module:
[root@localhost ansible]# ansible all -k -i /etc/ansible/hosts -m command -a "date"
SSH password:
192.168.92.203 | SUCCESS | rc=0 >>
Sat Sep 15 11:43:24 CST 2018
192.168.92.202 | SUCCESS | rc=0 >>
Mon Sep 10 20:34:40 CST 2018
192.168.92.201 | SUCCESS | rc=0 >>
Sat Sep 15 11:43:25 CST 2018
Run the ping command remotely with the command module:
[root@localhost ansible]# ansible all -k -m command -a "ping -c 2 www.baidu.com"
SSH password:
192.168.92.203 | SUCCESS | rc=0 >>
PING www.a.shifen.com (61.135.169.125) 56(84) bytes of data.
64 bytes from 61.135.169.125: icmp_seq=1 ttl=128 time=3.69 ms
64 bytes from 61.135.169.125: icmp_seq=2 ttl=128 time=2.90 ms
--- www.a.shifen.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1004ms
rtt min/avg/max/mdev = 2.906/3.301/3.697/0.399 ms
192.168.92.201 | SUCCESS | rc=0 >>
PING www.a.shifen.com (61.135.169.121) 56(84) bytes of data.
64 bytes from 61.135.169.121: icmp_seq=1 ttl=128 time=2.78 ms
64 bytes from 61.135.169.121: icmp_seq=2 ttl=128 time=3.26 ms
--- www.a.shifen.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1006ms
rtt min/avg/max/mdev = 2.785/3.024/3.264/0.245 ms
192.168.92.202 | SUCCESS | rc=0 >>
PING www.a.shifen.com (61.135.169.121) 56(84) bytes of data.
64 bytes from 61.135.169.121: icmp_seq=1 ttl=128 time=3.89 ms
64 bytes from 61.135.169.121: icmp_seq=2 ttl=128 time=2.73 ms
--- www.a.shifen.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1006ms
rtt min/avg/max/mdev = 2.737/3.316/3.895/0.579 ms
Run df -h remotely using an Ansible hosts pattern:
[root@localhost ansible]# ansible all -k -m command -a "df -h"
SSH password:
192.168.92.203 | SUCCESS | rc=0 >>
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda5        18G  6.7G  9.7G  41% /
tmpfs           931M     0  931M   0% /dev/shm
/dev/sda2       190M   34M  147M  19% /boot
/dev/sda1       190M  1.8M  178M   1% /boot/efi
192.168.92.201 | SUCCESS | rc=0 >>
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda5        18G  6.4G   10G  40% /
tmpfs           931M   72K  931M   1% /dev/shm
/dev/sda2       190M   34M  147M  19% /boot
/dev/sda1       190M  1.8M  178M   1% /boot/efi
192.168.92.202 | SUCCESS | rc=0 >>
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda5        18G  9.0G  7.4G  55% /
tmpfs           931M  228K  931M   1% /dev/shm
/dev/sda2       190M   34M  147M  19% /boot
/dev/sda1       190M  1.8M  178M   1% /boot/efi
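The sessions above show the two shapes an ad-hoc run prints per host: a JSON result (`host | SUCCESS => {`) and raw command output (`host | SUCCESS | rc=0 >>`). The following is an added example, not code from the original article: it parses both shapes and lists the hosts that failed, were unreachable, or reported `"changed": true`, which is what an operator reviews after a batch run. The function names and the sample text are constructed for illustration.

```python
import json
import re

# A host result starts "<host> | <STATUS> => {" (JSON) or "<host> | <STATUS> | rc=<n> >>".
HEADER = re.compile(
    r"^(?P<host>\S+) \| (?P<status>[A-Z]+!?)"
    r"(?: \| rc=(?P<rc>-?\d+) >>| => (?P<json>\{.*))\s*$")

def parse_adhoc(text):
    """Parse `ansible` ad-hoc output into {host: {status, rc, changed, body}}."""
    results, host = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            host = m["host"]
            results[host] = {"status": m["status"], "changed": None,
                             "rc": int(m["rc"]) if m["rc"] else None,
                             "body": m["json"] or "", "is_json": bool(m["json"])}
        elif host is not None:          # lines before the first header are skipped
            results[host]["body"] += "\n" + line
    for r in results.values():
        if r.pop("is_json"):            # JSON result: decode and lift the key fields
            r["body"] = json.loads(r["body"])
            r["changed"], r["rc"] = r["body"].get("changed"), r["body"].get("rc")
        else:                           # command output: keep the raw text
            r["body"] = r["body"].strip("\n")
    return results

def needs_review(results):
    """Map host -> reason for every host that failed, was unreachable or changed."""
    flagged = {}
    for host, r in results.items():
        if r["status"] not in ("SUCCESS", "CHANGED"):
            flagged[host] = r["status"]
        elif r["changed"]:
            flagged[host] = "changed"
    return flagged

# Constructed sample in the format shown above (not captured from a real run).
SAMPLE = """SSH password:
192.168.92.201 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
192.168.92.202 | SUCCESS => {
    "changed": true
}
192.168.92.203 | UNREACHABLE! => {
    "changed": false,
    "unreachable": true
}
"""

if __name__ == "__main__":
    for name, reason in sorted(needs_review(parse_adhoc(SAMPLE)).items()):
        print(name, reason)
```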
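1.1 Ansible copy module in practice
The copy module is mainly used to copy files or directories; it supports files, directories, permissions and user/group settings. Copy module parameters in detail: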
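src              source file or directory on the Ansible side; empty folders are not copied;
content          used in place of src; copies the specified file content into the remote file;
dest             target directory or file on the client; an absolute path is required;
backup           back up the original file on the remote node before copying;
directory_mode   used when copying folders; newly created files are copied, old ones are not;
follow           supports copying link files;
force            overwrite content on the remote host that differs;
group            group name of the folder on the remote host;
mode             permissions of files and folders on the remote host;
owner            user name of the folder on the remote host.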
Common enterprise use cases of the Ansible copy module:
copy module operation: src is the source file, dest is the target directory or file, and owner sets the owner:
[root@localhost ansible]# ansible all -k -m copy -a 'src=/etc/passwd dest=/tmp/ mode=755 owner=root'
SSH password:
192.168.92.201 | SUCCESS => {
    "changed": true,
    "checksum": "3f14e74a1e22881c16e0dba763e8ef627dffdfac",
    "dest": "/tmp/passwd",
    "gid": 0,
    "group": "root",
    "md5sum": "5760d134bf70c7e039a7712d3e53e303",
    "mode": "0755",
    "owner": "root",
    "secontext": "unconfined_u:object_r:admin_home_t:s0",
    "size": 1952,
    "src": "/root/.ansible/tmp/ansible-tmp-1536983430.89-229230882166623/source",
    "state": "file",
    "uid": 0
}
192.168.92.203 | SUCCESS => {
    "changed": true,
    "checksum": "3f14e74a1e22881c16e0dba763e8ef627dffdfac",
    "dest": "/tmp/passwd",
    "gid": 0,
    "group": "root",
    "md5sum": "5760d134bf70c7e039a7712d3e53e303",
    "mode": "0755",
    "owner": "root",
    "secontext": "unconfined_u:object_r:admin_home_t:s0",
    "size": 1952,
    "src": "/root/.ansible/tmp/ansible-tmp-1536983430.92-65643535982393/source",
    "state": "file",
    "uid": 0
}
192.168.92.202 | SUCCESS => {
    "changed": true,
    "checksum": "3f14e74a1e22881c16e0dba763e8ef627dffdfac",
    "dest": "/tmp/passwd",
    "gid": 0,
    "group": "root",
    "md5sum": "5760d134bf70c7e039a7712d3e53e303",
    "mode": "0755",
    "owner": "root",
    "secontext": "unconfined_u:object_r:admin_home_t:s0",
    "size": 1952,
    "src": "/root/.ansible/tmp/ansible-tmp-1536983430.86-50393951797338/source",
    "state": "file",
    "uid": 0
}
copy module operation: content is the file content, dest is the target file, and owner sets the owner:
[root@localhost ansible]# ansible all -k -m copy -a 'content="Hello World" dest=/tmp/nsh.txt mode=755 owner=root'
SSH password:
192.168.92.201 | SUCCESS => {
    "changed": true,
    "checksum": "0a4d55a8d778e5022fab701977c5d840bbc486d0",
    "dest": "/tmp/nsh.txt",
    "gid": 0,
    "group": "root",
    "md5sum": "b10a8db164e0754105b7a99be72e3fe5",
    "mode": "0755",
    "owner": "root",
    "secontext": "unconfined_u:object_r:admin_home_t:s0",
    "size": 11,
    "src": "/root/.ansible/tmp/ansible-tmp-1536983570.13-5151267908351/source",
    "state": "file",
    "uid": 0
}
192.168.92.202 | SUCCESS => {
    "changed": true,
    "checksum": "0a4d55a8d778e5022fab701977c5d840bbc486d0",
    "dest": "/tmp/nsh.txt",
    "gid": 0,
    "group": "root",
    "md5sum": "b10a8db164e0754105b7a99be72e3fe5",
    "mode": "0755",
    "owner": "root",
    "secontext": "unconfined_u:object_r:admin_home_t:s0",
    "size": 11,
    "src": "/root/.ansible/tmp/ansible-tmp-1536983570.14-50036703688162/source",
    "state": "file",
    "uid": 0
}
192.168.92.203 | SUCCESS => {
    "changed": true,
    "checksum": "0a4d55a8d778e5022fab701977c5d840bbc486d0",
    "dest": "/tmp/nsh.txt",
    "gid": 0,
    "group": "root",
    "md5sum": "b10a8db164e0754105b7a99be72e3fe5",
    "mode": "0755",
    "owner": "root",
    "secontext": "unconfined_u:object_r:admin_home_t:s0",
    "size": 11,
    "src": "/root/.ansible/tmp/ansible-tmp-1536983570.2-100490547778040/source",
    "state": "file",
    "uid": 0
}
copy module operation: content is the file content, dest is the target file, owner sets the owner, and backup=yes turns on backup:
[root@localhost ansible]# ansible all -k -m copy -a 'content="Hello World" dest=/tmp/zhangsan.txt backup=yes mode=755 owner=root'
SSH password:
192.168.92.201 | SUCCESS => {
    "changed": true,
    "checksum": "0a4d55a8d778e5022fab701977c5d840bbc486d0",
    "dest": "/tmp/zhangsan.txt",
    "gid": 0,
    "group": "root",
    "md5sum": "b10a8db164e0754105b7a99be72e3fe5",
    "mode": "0755",
    "owner": "root",
    "secontext": "unconfined_u:object_r:admin_home_t:s0",
    "size": 11,
    "src": "/root/.ansible/tmp/ansible-tmp-1536983641.24-136360284637193/source",
    "state": "file",
    "uid": 0
}
192.168.92.202 | SUCCESS => {
    "changed": true,
    "checksum": "0a4d55a8d778e5022fab701977c5d840bbc486d0",
    "dest": "/tmp/zhangsan.txt",
    "gid": 0,
    "group": "root",
    "md5sum": "b10a8db164e0754105b7a99be72e3fe5",
    "mode": "0755",
    "owner": "root",
    "secontext": "unconfined_u:object_r:admin_home_t:s0",
    "size": 11,
    "src": "/root/.ansible/tmp/ansible-tmp-1536983641.25-80404611579245/source",
    "state": "file",
    "uid": 0
}
192.168.92.203 | SUCCESS => {
    "changed": true,
    "checksum": "0a4d55a8d778e5022fab701977c5d840bbc486d0",
    "dest": "/tmp/zhangsan.txt",
    "gid": 0,
    "group": "root",
    "md5sum": "b10a8db164e0754105b7a99be72e3fe5",
    "mode": "0755",
    "owner": "root",
    "secontext": "unconfined_u:object_r:admin_home_t:s0",
    "size": 11,
    "src": "/root/.ansible/tmp/ansible-tmp-1536983641.27-275154227811292/source",
    "state": "file",
    "uid": 0
}
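Ansible yum module in practice
The yum module is mainly used to install, upgrade and remove software; it supports managing Red Hat .rpm packages. yum module parameters in detail: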
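conf_file           the yum configuration file the remote yum run relies on;
disable_gpg_check   whether the GPG key is checked before installing packages;
name                name of the software to install; package groups are supported;
update_cache        update the cache before installing software;
enablerepo          name of the repo source to use;
skip_broken         skip broken software nodes;
state               package state, one of: installed, present, latest, absent, removed.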
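Common enterprise use cases of the Ansible yum module:
yum module operation: name is the software to install and state is the package state; the common state=installed means install the software: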
[root@localhost ansible]# ansible all -k -m yum -a "name=sysstat,screen state=installed"
SSH password:
192.168.92.203 | SUCCESS => {
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "sysstat-9.0.4-33.el6_9.1.x86_64 providing sysstat is already installed",
        "screen-4.0.3-19.el6.x86_64 providing screen is already installed"
    ]
}
192.168.92.201 | SUCCESS => {
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "sysstat-9.0.4-33.el6_9.1.x86_64 providing sysstat is already installed",
        "screen-4.0.3-19.el6.x86_64 providing screen is already installed"
    ]
}
192.168.92.202 | SUCCESS => {
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [
        "sysstat-9.0.4-31.el6.x86_64 providing sysstat is already installed",
        "Loaded plugins: fastestmirror, refresh-packagekit, security\nSetting up Install Process\nLoading mirror speeds from cached hostfile\n * base: mirrors.aliyun.com\n * epel: mirrors.huaweicloud.com\n * extras: mirrors.aliyun.com\n * updates: mirrors.aliyun.com\nResolving Dependencies\n--> Running transaction check\n---> Package screen.x86_64 0:4.0.3-19.el6 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n screen x86_64 4.0.3-19.el6 base 494 k\n\nTransaction Summary\n================================================================================\nInstall 1 Package(s)\n\nTotal download size: 494 k\nInstalled size: 795 k\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Installing : screen-4.0.3-19.el6.x86_64 1/1 \n\r Verifying : screen-4.0.3-19.el6.x86_64 1/1 \n\nInstalled:\n screen.x86_64 0:4.0.3-19.el6 \n\nComplete!\n"
    ]
}
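yum module operation: name is the software to install and state is the package state; the common state=installed means install the software. The command below uses state=absent: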
[root@localhost ansible]# ansible all -k -m yum -a "name=sysstat,screen state=absent"
SSH password:
192.168.92.202 | SUCCESS => {
    "changed": false,
    "msg": "",
    "rc": 0,
    "results": [
        "sysstat is not installed",
        "screen is not installed"
    ]
}
192.168.92.203 | SUCCESS => {
    "changed": true,
    "msg": "Existing lock /var/run/yum.pid: another copy is running as pid 9081.\nAnother app is currently holding the yum lock; waiting for it to exit...\n The other application is: yum\n Memory : 62 M RSS (358 MB VSZ)\n Started: Sat Sep 15 12:01:36 2018 - 00:13 ago\n State : Uninterruptible, pid: 9081\nAnother app is currently holding the yum lock; waiting for it to exit...\n The other application is: yum\n Memory : 65 M RSS (362 MB VSZ)\n Started: Sat Sep 15 12:01:36 2018 - 00:15 ago\n State : Running, pid: 9081\nNo Match for argument: sysstat\n",
    "rc": 0,
    "results": [
        "screen is not installed",
        "Loaded plugins: fastestmirror, refresh-packagekit, security\nSetting up Remove Process\nDetermining fastest mirrors\n * base: mirrors.aliyun.com\n * extras: mirrors.aliyun.com\n * updates: mirrors.aliyun.com\nPackage(s) sysstat available, but not installed.\nNo Packages marked for removal\n"
    ]
}
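yum module operation: name is the software to install and state is the package state; the common state=installed means install the software, and disable_gpg_check, the option for not checking the key, is given as disable_gpg_check=no: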
[root@localhost ansible]# ansible all -k -m yum -a "name=sysstat,screen state=installed disable_gpg_check=no"
SSH password:
192.168.92.203 | SUCCESS => {
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [
        "Loaded plugins: fastestmirror, refresh-packagekit, security\nSetting up Install Process\nLoading mirror speeds from cached hostfile\n * base: mirrors.aliyun.com\n * extras: mirrors.aliyun.com\n * updates: mirrors.aliyun.com\nResolving Dependencies\n--> Running transaction check\n---> Package screen.x86_64 0:4.0.3-19.el6 will be installed\n---> Package sysstat.x86_64 0:9.0.4-33.el6_9.1 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n screen x86_64 4.0.3-19.el6 base 494 k\n sysstat x86_64 9.0.4-33.el6_9.1 base 234 k\n\nTransaction Summary\n================================================================================\nInstall 2 Package(s)\n\nTotal download size: 729 k\nInstalled size: 1.6 M\nDownloading Packages:\n--------------------------------------------------------------------------------\nTotal 984 kB/s | 729 kB 00:00 \nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Installing : screen-4.0.3-19.el6.x86_64 1/2 \n\r Installing : sysstat-9.0.4-33.el6_9.1.x86_64 2/2 \n\r Verifying : sysstat-9.0.4-33.el6_9.1.x86_64 1/2 \n\r Verifying : screen-4.0.3-19.el6.x86_64 2/2 \n\nInstalled:\n screen.x86_64 0:4.0.3-19.el6 sysstat.x86_64 0:9.0.4-33.el6_9.1 \n\nComplete!\n"
    ]
}
192.168.92.202 | SUCCESS => {
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [
        "Loaded plugins: fastestmirror, refresh-packagekit, security\nSetting up Install Process\nLoading mirror speeds from cached hostfile\n * base: mirrors.aliyun.com\n * epel: mirrors.huaweicloud.com\n * extras: mirrors.aliyun.com\n * updates: mirrors.aliyun.com\nResolving Dependencies\n--> Running transaction check\n---> Package screen.x86_64 0:4.0.3-19.el6 will be installed\n---> Package sysstat.x86_64 0:9.0.4-33.el6_9.1 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n screen x86_64 4.0.3-19.el6 base 494 k\n sysstat x86_64 9.0.4-33.el6_9.1 base 234 k\n\nTransaction Summary\n================================================================================\nInstall 2 Package(s)\n\nTotal download size: 729 k\nInstalled size: 1.6 M\nDownloading Packages:\n--------------------------------------------------------------------------------\nTotal 2.2 MB/s | 729 kB 00:00 \nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Installing : screen-4.0.3-19.el6.x86_64 1/2 \n\r Installing : sysstat-9.0.4-33.el6_9.1.x86_64 2/2 \n\r Verifying : sysstat-9.0.4-33.el6_9.1.x86_64 1/2 \n\r Verifying : screen-4.0.3-19.el6.x86_64 2/2 \n\nInstalled:\n screen.x86_64 0:4.0.3-19.el6 sysstat.x86_64 0:9.0.4-33.el6_9.1 \n\nComplete!\n"
    ]
}
192.168.92.201 | SUCCESS => {
    "changed": true,
    "msg": "",
    "rc": 0,
    "results": [
        "Loaded plugins: fastestmirror, refresh-packagekit, security\nSetting up Install Process\nLoading mirror speeds from cached hostfile\n * base: mirrors.aliyun.com\n * extras: mirrors.aliyun.com\n * updates: mirrors.aliyun.com\nResolving Dependencies\n--> Running transaction check\n---> Package screen.x86_64 0:4.0.3-19.el6 will be installed\n---> Package sysstat.x86_64 0:9.0.4-33.el6_9.1 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package Arch Version Repository Size\n================================================================================\nInstalling:\n screen x86_64 4.0.3-19.el6 base 494 k\n sysstat x86_64 9.0.4-33.el6_9.1 base 234 k\n\nTransaction Summary\n================================================================================\nInstall 2 Package(s)\n\nTotal download size: 729 k\nInstalled size: 1.6 M\nDownloading Packages:\n--------------------------------------------------------------------------------\nTotal 132 kB/s | 729 kB 00:05 \nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r Installing : screen-4.0.3-19.el6.x86_64 1/2 \n\r Installing : sysstat-9.0.4-33.el6_9.1.x86_64 2/2 \n\r Verifying : sysstat-9.0.4-33.el6_9.1.x86_64 1/2 \n\r Verifying : screen-4.0.3-19.el6.x86_64 2/2 \n\nInstalled:\n screen.x86_64 0:4.0.3-19.el6 sysstat.x86_64 0:9.0.4-33.el6_9.1 \n\nComplete!\n"
    ]
}
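1.1 Ansible file module in practice
The file module is mainly used to create, delete and modify files and to maintain and manage their permissions and attributes. File module parameters in detail: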
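src          source file or directory on the Ansible side;
follow       supports copying link files;
force        overwrite content on the remote host that differs;
group        group name of the folder on the remote host;
mode         permissions of files and folders on the remote host;
owner        user name of the folder on the remote host;
path         target path; dest or name can be used instead;
state        one of: file, link, directory, hard, touch, absent;
attributes   special attributes of the file or directory.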
Common enterprise use cases of the Ansible file module:
file module operation: path is the name and path of the directory, and state=directory creates the directory:
[root@localhost ansible]# ansible -k 192.168.* -m file -a "path=/tmp/`date +%F` state=directory mode=755"
SSH password:
192.168.92.201 | SUCCESS => {
    "changed": true,
    "gid": 0,
    "group": "root",
    "mode": "0755",
    "owner": "root",
    "path": "/tmp/2018-09-15",
    "secontext": "unconfined_u:object_r:user_tmp_t:s0",
    "size": 4096,
    "state": "directory",
    "uid": 0
}
192.168.92.203 | SUCCESS => {
    "changed": true,
    "gid": 0,
    "group": "root",
    "mode": "0755",
    "owner": "root",
    "path": "/tmp/2018-09-15",
    "secontext": "unconfined_u:object_r:user_tmp_t:s0",
    "size": 4096,
    "state": "directory",
    "uid": 0
}
192.168.92.202 | SUCCESS => {
    "changed": true,
    "gid": 0,
    "group": "root",
    "mode": "0755",
    "owner": "root",
    "path": "/tmp/2018-09-15",
    "secontext": "unconfined_u:object_r:user_tmp_t:s0",
    "size": 4096,
    "state": "directory",
    "uid": 0
}