Introduction to the ansible operations tool

Operations tools:
OS Provisioning: PXE, Cobbler (repository, distribution, profile)
PXE: dhcp, tftp, dnsmasq, dns
OS Config:
puppet, saltstack, func
Task Execute:
fabric, func, saltstack
Deployment:
fabric

Categories of operations tools:
agent: puppet, func
agentless: ansible, fabric, ssh service

ansible core components:
ansible core
host inventory
core modules
custom modules
playbook (yaml)

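ansible features:
Implemented in Python, built on three key modules: Paramiko, PyYAML and Jinja2
Simple to deploy, agentless
Uses the SSH protocol by default
Master/slave model:
master: ansible, ssh client
slave: ssh server
Supports custom modules, which can be written in various programming languages
Supports playbooks
Carries out "tasks" through "modules"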

Installation: depends on the EPEL repository
Configuration file: /etc/ansible/ansible.cfg
Inventory: /etc/ansible/hosts

How to view module help
ansible-doc -l
ansible-doc -s MODULE_NAME

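Basic usage of the ansible command:
Syntax: ansible <host-pattern> [-f forks] [-m module_name] [-a args]
-f forks: number of concurrent threads to start
-m module_name: the module to use
-a args: module-specific arguments
Common modules:
command: the command module and the default module; runs a command on the remote host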
    ansible all -a

cron:
    state:
    present: install
    absent: remove
   #ansible dbsrs -m cron -a 'minute="*/10" job="/bin/echo hell" name="test cron jobb"'
user
    name: the name of the user to create
    ansible websrs -m user -a 'name="user1"'
    ansible websrs -m user -a 'name=testuser uid=2000 system=yes group="testone"'

group
ansible websrs -m group -a 'name=testone gid=2000 system=yes'

copy:
ansible websrs -m copy -a 'content="Hello Ansi\nHi Wo" dest="/tmp/ansi/test.txt"'

file: set file attributes
    path: the file path; name and dest can be used instead
            Create a symbolic link to a file:
    src: the source file
    path: the path of the symbolic link
         #ansible websrs -m file -a 'path=/tmp/ansi/aa.link src=/tmp/ansi/test.txt state=link'

ping: test whether the specified hosts can be reached

service: set the running state of a service
    enabled: whether to start at boot; true or false
    name: service name
    state: one of started, stopped, restarted

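shell: run a command on the remote host,
especially a complex command that uses features such as pipes

script: copy a local script to the remote host and run it
Note: specify the script with a relative path

yum: install packages
    name: the package to install; a version number may be included
    state: present or latest installs, absent uninstalls

setup: collect facts from the remote host
Before receiving and running a management command, each managed node reports information about itself, such as OS version and IP address, to the remote ansible host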

======Hands-on=====

1. Install ansible
$ yum install -y epel-release
$ yum info ansible
$ yum install -y ansible
$ rpm -ql ansible |head
/etc/ansible
/etc/ansible/ansible.cfg
/etc/ansible/hosts

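2. Generate a key pair and test that the key has been distributed
$ ssh-keygen -t rsa # generate the key pair; just press Enter
$ ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.201 # enter the remote server's password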
$ ssh 'root@192.168.1.201'
Last login: Mon Jul 24 17:25:17 2023 from 192.168.1.6
[root@k8s-node2 ~]# hostname -i
192.168.1.201
[root@k8s-node2 ~]# exit
登出
Connection to 192.168.1.201 closed.

3. Configure the ansible file
[root@k8s-master ~]# tail -7 /etc/ansible/hosts (7 lines appended at the end)
[teston]
192.168.1.201
192.168.1.202

[teston]
192.168.1.201
192.168.1.203
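
The listing above shows the header [teston] twice, which makes it unclear which hosts a pattern such as `teston` will target. The following lint is an added example, not part of the original post; the sample inventory is constructed, and treating repeated sections as one group is an assumption made here.

```python
import re
from collections import defaultdict

# Constructed sample mirroring the inventory listing above (same header twice).
SAMPLE_INVENTORY = """\
[teston]
192.168.1.201
192.168.1.202

[teston]
192.168.1.201
192.168.1.203
"""

# Matches [group], [group:children] and [group:vars] section headers.
HEADER = re.compile(r"^\[([^\]:]+)(?::(children|vars))?\]\s*$")

def lint_inventory(text):
    """Return (duplicate_headers, hosts_per_group) for an INI inventory.

    duplicate_headers maps a group name to the line numbers of its plain
    [group] header when that header appears more than once.
    """
    header_lines = defaultdict(list)
    hosts = defaultdict(list)
    group, kind = "ungrouped", None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop '#' comments
        if not line or line.startswith(";"):     # skip blanks and ';' comments
            continue
        m = HEADER.match(line)
        if m:
            group, kind = m.group(1), m.group(2)
            if kind is None:
                header_lines[group].append(lineno)
            continue
        if kind is None:                         # host line (not a :vars/:children body)
            host = line.split()[0]               # ignore inline key=value variables
            if host not in hosts[group]:
                hosts[group].append(host)
    dupes = {g: ln for g, ln in header_lines.items() if len(ln) > 1}
    return dupes, dict(hosts)

if __name__ == "__main__":
    dupes, hosts = lint_inventory(SAMPLE_INVENTORY)
    for g, lines in dupes.items():
        print(f"group [{g}] declared on lines {lines}; hosts under that name: {hosts[g]}")
```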

Help lookup:
$ man ansible-doc
$ ansible-doc -s command
Quick test to verify:
[root@k8s-master ~]# ansible 192.168.1.201 -m command -a 'date'
192.168.1.201 | CHANGED | rc=0 >>
2023年 07月 25日 星期二 16:17:23 CST
[root@k8s-master ~]# ansible teston -m command -a 'date'
192.168.1.203 | CHANGED | rc=0 >>
2023年 07月 25日 星期二 16:17:30 CST
192.168.1.201 | CHANGED | rc=0 >>
2023年 07月 25日 星期二 16:17:30 CST
[root@k8s-master ~]# ansible all -m command -a 'date'
192.168.1.203 | CHANGED | rc=0 >>
2023年 07月 25日 星期二 16:17:48 CST
192.168.1.201 | CHANGED | rc=0 >>
2023年 07月 25日 星期二 16:17:48 CST
192.168.1.202 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: connect to host 192.168.1.202 port 22: No route to host",
"unreachable": true
}
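
A host reported as UNREACHABLE! received nothing, so a later change such as removing a user or cron job would silently not apply there. The following added example (not part of the original post) parses the two result-header formats shown above and sorts the expected hosts by outcome; the sample output, the FAILED line and the host 192.168.1.204 are constructed.

```python
import re

# Constructed sample in the ad-hoc output format shown above.
SAMPLE_OUTPUT = """\
192.168.1.203 | CHANGED | rc=0 >>
ok
192.168.1.201 | FAILED | rc=1 >>
non-zero return code
192.168.1.202 | UNREACHABLE! => {
    "changed": false,
    "unreachable": true
}
"""
EXPECTED_HOSTS = ["192.168.1.201", "192.168.1.202", "192.168.1.203", "192.168.1.204"]

# "host | STATUS | rc=N >>" (command-style) or "host | STATUS => {" (JSON-style)
RESULT = re.compile(r"^(\S+) \| ([A-Z]+!?)(?: \| rc=(-?\d+))?(?: >>| => \{)\s*$")

def parse_adhoc(output):
    """Map each host to (status, rc); rc is None for JSON-style results."""
    results = {}
    for line in output.splitlines():
        m = RESULT.match(line)
        if m:
            host, status, rc = m.groups()
            results[host] = (status, int(rc) if rc is not None else None)
    return results

def audit(output, expected_hosts):
    """Sort expected hosts into ok / failed / unreachable / no_result."""
    results = parse_adhoc(output)
    report = {"ok": [], "failed": [], "unreachable": [], "no_result": []}
    for host in sorted(expected_hosts):
        if host not in results:
            report["no_result"].append(host)     # targeted but never reported back
            continue
        status, rc = results[host]
        if status == "UNREACHABLE!":
            report["unreachable"].append(host)
        elif status == "FAILED" or rc not in (None, 0):
            report["failed"].append(host)
        else:
            report["ok"].append(host)
    return report

if __name__ == "__main__":
    for outcome, hosts in audit(SAMPLE_OUTPUT, EXPECTED_HOSTS).items():
        print(f"{outcome}: {hosts}")
```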

4. Basic operations
a. Built-in ansible module: cron, the scheduled-task module
$ ansible-doc -s cron
$ ansible dbsrs -m cron -a 'minute="*/10" job="/bin/echo hell" name="test cron job"' # create the scheduled task
$ ansible dbsrs -a 'crontab -l'
$ ansible dbsrs -m cron -a 'minute="*/10" job="/bin/echo hell" name="test cron job" state="absent"' # remove the scheduled task

[root@k8s-master ~]# ansible teston -m cron -a 'minute="*/10" job="/bin/echo hell" name="test cron job"'
192.168.1.203 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "envs": [], 
    "jobs": [
        "test cron job"
    ]
}
192.168.1.201 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "envs": [], 
    "jobs": [
        "test cron job"
    ]
}
[root@k8s-master ~]# ansible teston -a 'crontab -l'     
192.168.1.201 | CHANGED | rc=0 >>
#Ansible: test cron job
*/10 * * * * /bin/echo hell
192.168.1.203 | CHANGED | rc=0 >>
#Ansible: test cron job
*/10 * * * * /bin/echo hell
[root@k8s-master ~]# ansible teston -m cron -a 'minute="*/10" job="/bin/echo hell" name="test cron job" state="absent"'
192.168.1.201 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "envs": [], 
    "jobs": []
}
192.168.1.203 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "envs": [], 
    "jobs": []
}
[root@k8s-master ~]# 
[root@k8s-master ~]# ansible teston -a 'crontab -l'
192.168.1.203 | CHANGED | rc=0 >>

192.168.1.201 | CHANGED | rc=0 >>

b. user: create and delete users
[root@linux-host1 ~]# ansible teston -m user -a 'name="user1"'
[root@linux-host1 ~]# ansible teston -m user -a 'name="user1" state="absent"'

[root@k8s-master ~]# ansible teston -m user -a 'name="user1"'
192.168.1.201 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "comment": "", 
    "create_home": true, 
    "group": 1000, 
    "home": "/home/user1", 
    "name": "user1", 
    "shell": "/bin/bash", 
    "state": "present", 
    "system": false, 
    "uid": 1000
}
192.168.1.203 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "comment": "", 
    "create_home": true, 
    "group": 1001, 
    "home": "/home/user1", 
    "name": "user1", 
    "shell": "/bin/bash", 
    "state": "present", 
    "system": false, 
    "uid": 1001
}
[root@k8s-master ~]# id user1
uid=1001(user1) gid=1001(user1) 组=1001(user1)
[root@k8s-master ~]# ansible teston -m user -a 'name="user1" state="absent"'
192.168.1.201 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "force": false, 
    "name": "user1", 
    "remove": false, 
    "state": "absent"
}
192.168.1.203 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "force": false, 
    "name": "user1", 
    "remove": false, 
    "state": "absent"
}
[root@k8s-master ~]# id user1
id: user1: no such user

$ ansible-doc -s group
$ ansible teston -m group -a 'name=testone gid=2000 system=yes'
$ ansible teston -m user -a 'name=testuser uid=2000 system=yes group="testone"'

Remove the user and group:
$ ansible teston -m user -a 'name=testuser uid=2000 system=yes group="testone" state="absent"'
$ ansible teston -m group -a 'name=testone gid=2000 system=yes state="absent"'

copy module
$ ansible teston -m command -a 'mkdir /tmp/ansi'
$ ansible teston -m copy -a 'src="/etc/fstab" dest="/tmp/ansi/" owner=root mode=644'
$ ansible teston -m command -a 'ls /tmp/ansi'

content: generate file contents
$ ansible teston -m copy -a 'content="Hello Ansi\nHi Wo" dest="/tmp/ansi/test.txt"'

file: set file attributes and create symbolic links
$ ansible teston -m file -a 'owner=root group=root mode=644 path=/tmp/ansi/test.txt'
$ ansible teston -m file -a 'path=/tmp/ansi/aa.link src=/tmp/ansi/test.txt state=link'
$ ansible teston -m command -a 'ls -l /tmp/ansi/'

$ ansible all -m ping # used for testing
$ ansible teston -m command -a 'systemctl status network.target'

$ yum install httpd
$ ansible 192.168.19.132 -m command -a 'systemctl list-unit-files httpd.service'
$ ansible 192.168.19.132 -m command -a 'systemctl enable httpd.service'
$ ansible 192.168.19.132 -m command -a 'systemctl list-unit-files httpd.service'
$ ansible 192.168.19.132 -m service -a 'enabled=true name=httpd state=started'
$ ansible 192.168.19.132 -m command -a 'systemctl status httpd.service'

shell: run a command on the remote host, especially a complex command that uses features such as pipes
$ ansible teston -m user -a 'name="user1"'
$ ansible teston -m shell -a 'echo user1|passwd --stdin user1'

script: copy a local script to the remote host and run it
$ cat test1.sh
#!/bin/bash
echo "hello ansible from script" >/tmp/script.ansi
useradd user2
$ chmod +x test1.sh
$ ansible teston -m script -a 'test1.sh'
$ ansible teston -m command -a 'cat /tmp/script.ansi'

yum: install packages
$ ansible teston -m yum -a 'state=present name=tree'

setup: collect facts from the remote host
$ ansible-doc -s setup
$ ansible 192.168.19.132 -m setup

posted @ 2019-07-19 09:38  wang_wei123