Introduction to the ansible operations tool
Ops tools:
  OS Provisioning: PXE, Cobbler (repository, distribution, profile)
    PXE: dhcp, tftp, dnsmasq, dns
  OS Config:
    puppet, saltstack, func
  Task Execute:
    fabric, func, saltstack
  Deployment:
    fabric
Categories of ops tools:
  agent: puppet, func
  agentless: ansible, fabric, ssh service
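Core components of ansible:
  ansible core
  host inventory
  core modules
  custom modules
  playbook (yaml)
Features of ansible:
  Implemented in Python, built on three key modules: Paramiko, PyYAML and Jinja2
  Simple to deploy, agentless
  Uses the SSH protocol by default
  Master/slave model:
    master: ansible, ssh client
    slave: ssh server
  Supports custom modules, which can be written in various programming languages
  Supports playbooks
  Carries out "tasks" by means of "modules"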
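Installation: depends on the EPEL repository
Configuration file: /etc/ansible/ansible.cfg
Inventory: /etc/ansible/hosts
Viewing module help:
  ansible-doc -l
  ansible-doc -s MODULE_NAME
Basics of the ansible command:
  Syntax: ansible <host-pattern> [-f forks] [-m module_name] [-a args]
    -f forks: level of concurrency (number of forks started in parallel)
    -m module_name: the module to use
    -a args: arguments specific to the module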
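Common modules:
  command: the command module and the default module; runs a command on the remote host
    ansible all -a
  cron:
    state:
      present: install
      absent: remove
    #ansible dbsrs -m cron -a 'minute="*/10" job="/bin/echo hell" name="test cron jobb"'
  user:
    name: the name of the user to create
    ansible websrs -m user -a 'name="user1"'
    ansible websrs -m user -a 'name=testuser uid=2000 system=yes group="testone"'
  group:
    ansible websrs -m group -a 'name=testone gid=2000 system=yes'
  copy:
    ansible websrs -m copy -a 'content="Hello Ansi\nHi Wo" dest="/tmp/ansi/test.txt"'
  file: sets file attributes
    path: the path of the file; name and dest can be used instead
    Creating a symbolic link to a file:
      src: the source file
      path: the path of the symbolic link
    #ansible websrs -m file -a 'path=/tmp/ansi/aa.link src=/tmp/ansi/test.txt state=link'
  ping: tests whether the specified hosts can be reached
  service: controls the running state of a service
    enabled: whether the service starts automatically at boot; true or false
    name: the service name
    state: the state; one of started, stopped, restarted
  shell: runs a command on the remote host,
    especially complex commands that use features such as pipes
  script: copies a local script to the remote host and runs it
    Note: specify the script by its relative path
  yum: installs packages
    name: the package to install; a version number can be included
    state: present and latest mean install, absent means uninstall
  setup: gathers facts from the remote hosts
    Before receiving and running a management command, each managed node reports information about itself, such as its operating system version and IP address, to the remote ansible host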
======Hands-on=====
1. Install ansible
$ yum install -y epel-release
$ yum info ansible
$ yum install -y ansible
$ rpm -ql ansible |head
/etc/ansible
/etc/ansible/ansible.cfg
/etc/ansible/hosts
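2. Generate a key pair and verify that the key has been copied over
$ ssh-keygen -t rsa # generate the key pair; pressing Enter at every prompt accepts the defaults and leaves the passphrase empty
$ ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.1.201 # enter the remote server's password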
$ ssh 'root@192.168.1.201'
Last login: Mon Jul 24 17:25:17 2023 from 192.168.1.6
[root@k8s-node2 ~]# hostname -i
192.168.1.201
[root@k8s-node2 ~]# exit
登出
Connection to 192.168.1.201 closed.
3. Configure the ansible files
[root@k8s-master ~]# tail -7 /etc/ansible/hosts (7 lines appended at the end)
[teston]
192.168.1.201
192.168.1.202
[teston]
192.168.1.201
192.168.1.203
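The listing above shows the [teston] header twice. The following check is an added example, not part of the original post: it prints the group membership of an INI inventory read from standard input and flags any group header that appears more than once; the function name lint_inventory and the sample inventory are constructed for illustration.

```shell
# Added example (not from the original post): print "group host" membership
# for an INI inventory on stdin and flag group headers declared more than once.
# Returns 1 when a duplicate header is found.
lint_inventory() {
    awk '
        /^[ \t]*$/ || /^[ \t]*[#;]/ { next }          # blank lines and comments
        /^[ \t]*\[/ {                                  # section header: [name]
            group = $0
            sub(/^[ \t]*\[/, "", group)
            sub(/\].*$/, "", group)
            if (++seen[group] == 2) { print "DUPLICATE-GROUP", group; dup = 1 }
            next
        }
        # Host lines only: skip ungrouped hosts and [x:vars] / [x:children] bodies.
        group != "" && group !~ /:/ { print group, $1 }
        END { exit dup + 0 }
    '
}

# Constructed sample: the inventory tail as listed above.
SAMPLE_INVENTORY='[teston]
192.168.1.201
192.168.1.202
[teston]
192.168.1.201
192.168.1.203'

printf '%s\n' "$SAMPLE_INVENTORY" | lint_inventory || echo "inventory has repeated group headers"
```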
Looking up help:
$ man ansible-doc
$ ansible-doc -s command
Quick verification test:
[root@k8s-master ~]# ansible 192.168.1.201 -m command -a 'date'
192.168.1.201 | CHANGED | rc=0 >>
2023年 07月 25日 星期二 16:17:23 CST
[root@k8s-master ~]# ansible teston -m command -a 'date'
192.168.1.203 | CHANGED | rc=0 >>
2023年 07月 25日 星期二 16:17:30 CST
192.168.1.201 | CHANGED | rc=0 >>
2023年 07月 25日 星期二 16:17:30 CST
[root@k8s-master ~]# ansible all -m command -a 'date'
192.168.1.203 | CHANGED | rc=0 >>
2023年 07月 25日 星期二 16:17:48 CST
192.168.1.201 | CHANGED | rc=0 >>
2023年 07月 25日 星期二 16:17:48 CST
192.168.1.202 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: ssh: connect to host 192.168.1.202 port 22: No route to host",
"unreachable": true
}
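To act on results like the ones above from a script, the host/status header lines can be parsed. The following is an added example, not part of the original post; the function name summarize_adhoc and the sample output are constructed for illustration.

```shell
# Added example (not from the original post): summarize ansible ad-hoc output.
# Reads the default output format on stdin, prints one "host STATUS" line per
# host, and returns 1 if any host is FAILED or UNREACHABLE.
summarize_adhoc() {
    awk -F' [|] ' '
        # Result headers look like "HOST | STATUS | rc=0 >>" or
        # "HOST | STATUS! => {"; every other line is command or JSON output.
        NF >= 2 && $1 ~ /^[A-Za-z0-9_.:-]+$/ {
            status = $2
            sub(/[!]? *=>.*$/, "", status)    # drop the "! => {" / " => {" tail
            if (status ~ /^(CHANGED|SUCCESS|FAILED|UNREACHABLE)$/) {
                print $1, status
                if (status == "FAILED" || status == "UNREACHABLE") bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample in the same format as the output shown above.
SAMPLE_ADHOC='192.168.1.203 | CHANGED | rc=0 >>
ok
192.168.1.201 | CHANGED | rc=0 >>
ok
192.168.1.202 | UNREACHABLE! => {
    "changed": false,
    "unreachable": true
}'

printf '%s\n' "$SAMPLE_ADHOC" | summarize_adhoc || echo "some hosts need attention"
```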
4. Basic operations
a. Default ansible modules: the cron module (scheduled tasks)
$ ansible-doc -s cron
$ ansible dbsrs -m cron -a 'minute="*/10" job="/bin/echo hell" name="test cron job"' # create the scheduled task
$ ansible dbsrs -a 'crontab -l'
$ ansible dbsrs -m cron -a 'minute="*/10" job="/bin/echo hell" name="test cron job" state="absent"' # remove the scheduled task

[root@k8s-master ~]# ansible teston -m cron -a 'minute="*/10" job="/bin/echo hell" name="test cron job"'
192.168.1.203 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "envs": [],
    "jobs": [
        "test cron job"
    ]
}
192.168.1.201 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "envs": [],
    "jobs": [
        "test cron job"
    ]
}
[root@k8s-master ~]# ansible teston -a 'crontab -l'
192.168.1.201 | CHANGED | rc=0 >>
#Ansible: test cron job
*/10 * * * * /bin/echo hell
192.168.1.203 | CHANGED | rc=0 >>
#Ansible: test cron job
*/10 * * * * /bin/echo hell
[root@k8s-master ~]# ansible teston -m cron -a 'minute="*/10" job="/bin/echo hell" name="test cron job" state="absent"'
192.168.1.201 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "envs": [],
    "jobs": []
}
192.168.1.203 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "envs": [],
    "jobs": []
}
[root@k8s-master ~]#
[root@k8s-master ~]# ansible teston -a 'crontab -l'
192.168.1.203 | CHANGED | rc=0 >>
192.168.1.201 | CHANGED | rc=0 >>
b. user: create and delete users
[root@linux-host1 ~]# ansible teston -m user -a 'name="user1"'
[root@linux-host1 ~]# ansible teston -m user -a 'name="user1" state="absent"'

[root@k8s-master ~]# ansible teston -m user -a 'name="user1"'
192.168.1.201 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "comment": "",
    "create_home": true,
    "group": 1000,
    "home": "/home/user1",
    "name": "user1",
    "shell": "/bin/bash",
    "state": "present",
    "system": false,
    "uid": 1000
}
192.168.1.203 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "comment": "",
    "create_home": true,
    "group": 1001,
    "home": "/home/user1",
    "name": "user1",
    "shell": "/bin/bash",
    "state": "present",
    "system": false,
    "uid": 1001
}
[root@k8s-master ~]# id user1
uid=1001(user1) gid=1001(user1) 组=1001(user1)
[root@k8s-master ~]# ansible teston -m user -a 'name="user1" state="absent"'
192.168.1.201 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "force": false,
    "name": "user1",
    "remove": false,
    "state": "absent"
}
192.168.1.203 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    },
    "changed": true,
    "force": false,
    "name": "user1",
    "remove": false,
    "state": "absent"
}
[root@k8s-master ~]# id user1
id: user1: no such user
$ ansible-doc -s group
$ ansible teston -m group -a 'name=testone gid=2000 system=yes'
$ ansible teston -m user -a 'name=testuser uid=2000 system=yes group="testone"'
Removing the user and group:
$ ansible teston -m user -a 'name=testuser uid=2000 system=yes group="testone" state="absent"'
$ ansible teston -m group -a 'name=testone gid=2000 system=yes state="absent"'
copy module
$ ansible teston -m command -a 'mkdir /tmp/ansi'
$ ansible teston -m copy -a 'src="/etc/fstab" dest="/tmp/ansi/" owner=root mode=644'
$ ansible teston -m command -a 'ls /tmp/ansi'
content: generate the file's contents inline
$ ansible teston -m copy -a 'content="Hello Ansi\nHi Wo" dest="/tmp/ansi/test.txt"'
file: set file attributes and create symbolic links.
$ ansible teston -m file -a 'owner=root group=root mode=644 path=/tmp/ansi/test.txt'
$ ansible teston -m file -a 'path=/tmp/ansi/aa.link src=/tmp/ansi/test.txt state=link'
$ ansible teston -m command -a 'ls -l /tmp/ansi/'
$ ansible all -m ping # used for testing
$ ansible teston -m command -a 'systemctl status network.target'
$ yum install httpd
$ ansible 192.168.19.132 -m command -a 'systemctl list-unit-files httpd.service'
$ ansible 192.168.19.132 -m command -a 'systemctl enable httpd.service'
$ ansible 192.168.19.132 -m command -a 'systemctl list-unit-files httpd.service'
$ ansible 192.168.19.132 -m service -a 'enabled=true name=httpd state=started'
$ ansible 192.168.19.132 -m command -a 'systemctl status httpd.service'
shell: runs a command on the remote host, especially complex commands that use features such as pipes
$ ansible teston -m user -a 'name="user1"'
$ ansible teston -m shell -a 'echo user1|passwd --stdin user1'
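The shell-module command above puts the password on the command line, where it ends up in the control node's shell history. The check below is an added example, not part of the original post: it scans ad-hoc command lines for that pattern and for user-module password= values that are not hashes; the function name find_cleartext_passwords and the sample lines are constructed for illustration.

```shell
# Added example (not from the original post): flag ad-hoc ansible command
# lines on stdin that carry a clear-text password. Prints "LINE: reason" and
# returns 1 when anything is flagged.
find_cleartext_passwords() {
    awk '
        # A literal piped into passwd/chpasswd, as in the shell-module line above.
        /echo[ \t]+[^|]+[|][ \t]*(passwd[ \t]+--stdin|chpasswd)/ {
            print NR ": password literal piped into passwd/chpasswd"
            found = 1; next
        }
        # user module with password=VALUE where VALUE is neither a crypt(3)
        # hash ($id$...) nor a template expression ({{ ... }}).
        /-m[ \t]+user/ && match($0, /[^_a-z]password=[^ \t]+/) {
            val = substr($0, RSTART, RLENGTH)
            sub(/^.password="?/, "", val)
            if (val !~ /^[$][0-9a-z]+[$]/ && val !~ /^[{][{]/) {
                print NR ": user module password= is not a hash"
                found = 1
            }
        }
        END { exit found + 0 }
    '
}

# Constructed sample command lines (for instance, copied from a runbook).
SAMPLE_CMDS=$(cat <<'EOF'
ansible teston -m shell -a 'echo user1|passwd --stdin user1'
ansible teston -m user -a 'name=user1 password=Secret123'
ansible teston -m user -a 'name=user1 password=$6$salt$hash update_password=always'
ansible teston -m user -a 'name="user1"'
EOF
)

printf '%s\n' "$SAMPLE_CMDS" | find_cleartext_passwords || echo "clear-text passwords found"
```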
script: copies a local script to the remote host and runs it
$ cat test1.sh
#!/bin/bash
echo "hello ansible from script" >/tmp/script.ansi
useradd user2
$ chmod +x test1.sh
$ ansible teston -m script -a 'test1.sh'
$ ansible teston -m command -a 'cat /tmp/script.ansi'
yum: installs packages
$ ansible teston -m yum -a 'state=present name=tree'
setup: gathers facts from the remote hosts
$ ansible-doc -s setup
$ ansible 192.168.19.132 -m setup