Ansible
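Introduction
1. Ansible does not require installing a client; it communicates through sshd (passwordless, key-based login)
2. Ansible works through modules, and modules can be developed in any language
3. Ansible supports using modules from the command line and also writing playbooks in YAML format, which are easy to write and read
4. Ansible is very simple to install; on CentOS it can be installed directly with Yum
5. Ansible offers a UI (browser-based graphical interface) at www.ansible.com/tower, which is a paid product. Official documentation: http://docs.ansible.com/ansible/latest/index.html
Ansible has been acquired by Red Hat, and it is a very popular open-source project on GitHub (https://github.com/ansible/ansible)
I. Installing Ansible
1. Environment preparation
Prepare two machines
Hostname: ansible-01 IP: 192.168.233.210
Hostname: ansible-02 IP: 192.168.233.211
On both machines, turn off the firewall and SELinux, and edit the /etc/hosts file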
# mount /dev/sr0 /opt/centos
# yum clean all
# yum repolist
# systemctl stop firewalld
# systemctl disable firewalld
# setenforce 0
# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.233.210 ansible-01 # add the IP and hostname of both machines
192.168.233.211 ansible-02
2. Installing Ansible
Of the two machines, ansible-01 and ansible-02, Ansible only needs to be installed on ansible-01. Install the EPEL repository first
# yum install epel-release -y
# yum install -y ansible
# ansible --version
ansible 2.9.25
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Nov 20 2015, 02:00:19) [GCC 4.8.5 20150623 (Red Hat 4.8.5-4)]
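3. Passwordless login configuration
On ansible-01, generate a key pair with ssh-keygen -t rsa, put the public key on ansible-02, and set up key authentication.
Note: the local machine must also be configured for passwordless login.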
# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
d6:b2:50:b6:24:51:86:2c:ac:08:70:c0:78:2f:b4:4f root@ansible-test01
The key's randomart image is:
+--[ RSA 2048]----+
|*... ..oo |
|ooo o oo |
|.+ + .. + |
|. + E = o |
| + . S . |
| . o o |
| . |
| |
| |
+-----------------+
# ssh-copy-id 192.168.233.211
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.233.211 (192.168.233.211)' can't be established.
ECDSA key fingerprint is SHA256:PpgkRDlxK0Fo7pnSeJyYC9p4KYbIgATP7gM+4G5UAIg.
ECDSA key fingerprint is MD5:54:a9:14:91:fa:fc:cc:ee:30:0d:a3:5b:05:b9:97:b2.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.233.211's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.233.211'"
and check to make sure that only the key(s) you wanted were added.
# ssh 192.168.233.211
Last login: Sun Jan 9 05:57:10 2022 from 192.168.233.211
# exit
logout
Connection to 192.168.233.211 closed.
4. Host group setup
Add the IPs of the local machine and the other machine to the /etc/ansible/hosts file:
# vi /etc/ansible/hosts
[testhost]
192.168.233.210
192.168.233.211
Note: testhost is a user-defined host group name; the two IPs under it are the machines in that group
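The ssh-copy-id step above added 192.168.233.211 to known_hosts only after an interactive "yes", and the control node's own address 192.168.233.210 was never connected to. The following added example (not part of the original page) lists the hosts of an inventory group that have no pinned key in known_hosts, so they can be verified before Ansible first connects. It assumes a simple INI inventory with one host per line and unhashed known_hosts entries on port 22; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report inventory hosts with no pinned key in known_hosts.
# Assumptions: INI inventory, one host per line (no ranges); known_hosts is
# unhashed and uses port 22 (no "[host]:port" entries).

# inventory_hosts FILE GROUP: print the hosts listed under [GROUP].
inventory_hosts() {
    awk -v want="[$2]" '
        /^[ \t]*$/    { next }                  # blank line
        /^[ \t]*[#;]/ { next }                  # comment
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); in_group = ($0 == want); next }
        in_group      { print $1 }              # rest of the line is host vars
    ' "$1"
}

# host_is_pinned KNOWN_HOSTS HOST: exit 0 if HOST has a plain key entry.
# Lines with a marker (@revoked, @cert-authority) do not count as a pin.
host_is_pinned() {
    awk -v host="$2" '
        /^[ \t]*$/    { next }
        /^[ \t]*[#@]/ { next }
        {
            n = split($1, names, ",")           # host field: name1,name2,...
            for (i = 1; i <= n; i++) if ((names[i] "") == (host "")) found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# unpinned_hosts INVENTORY GROUP KNOWN_HOSTS: print hosts lacking a pin.
unpinned_hosts() {
    inventory_hosts "$1" "$2" | while read -r h; do
        host_is_pinned "$3" "$h" || printf '%s\n' "$h"
    done
}

# Constructed sample data mirroring the page: both hosts are in [testhost],
# but only 192.168.233.211 was added to known_hosts by ssh-copy-id.
demo() {
    d=$(mktemp -d)
    printf '[testhost]\n192.168.233.210\n192.168.233.211\n' > "$d/hosts"
    printf '192.168.233.211 ecdsa-sha2-nistp256 AAAA-constructed-key\n' > "$d/known_hosts"
    unpinned_hosts "$d/hosts" testhost "$d/known_hosts"
    rm -rf "$d"
}
demo
```

Any address it prints should have its fingerprint confirmed out of band (for example on the host's console with ssh-keygen -lf against its /etc/ssh host public key) before the key is added to known_hosts.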
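II. Running remote commands with Ansible
Here testhost is the host group name, -m is followed by the module name, and -a is followed by the command. You can also write a single IP directly to run the command against just one machine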
# ansible testhost -m command -a "hostname"
192.168.233.210 | CHANGED | rc=0 >>
localhost.localdomain
192.168.233.211 | CHANGED | rc=0 >>
localhost.localdomain
III. Copying files or directories with Ansible
# ansible 192.168.233.211 -m copy -a "src=/etc/passwd dest=/tmp/123"
192.168.233.211 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "bbb638262b9bde418e73cf5097f94a8719f20651",
"dest": "/tmp/123/passwd",
"gid": 0,
"group": "root",
"md5sum": "c8b6c2210fc61c556bff22f8f3a7247f",
"mode": "0644",
"owner": "root",
"size": 1093,
"src": "/root/.ansible/tmp/ansible-tmp-1650643373.91-5305-26730121637730/source",
"state": "file",
"uid": 0
}
IV. Running scripts remotely with Ansible
First create a shell script
# vi /tmp/test.sh
#!/bin/bash
echo `date` > /tmp/ansible_test.txt
Then distribute the script to each machine
# ansible testhost -m copy -a "src=/tmp/test.sh dest=/tmp/test.sh mode=0755"
192.168.233.210 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "1a6e4af02dba1bda6fc8e23031d4447efeba0ade",
"dest": "/tmp/test.sh",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"path": "/tmp/test.sh",
"size": 48,
"state": "file",
"uid": 0
}
192.168.233.211 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"checksum": "1a6e4af02dba1bda6fc8e23031d4447efeba0ade",
"dest": "/tmp/test.sh",
"gid": 0,
"group": "root",
"md5sum": "edfaa4371316af8c5ba354e708fe8a97",
"mode": "0644",
"owner": "root",
"size": 48,
"src": "/root/.ansible/tmp/ansible-tmp-1641727206.43-2499-236587765379928/source",
"state": "file",
"uid": 0
}
Finally, run the shell script on all machines in one batch
[root@localhost ~]# ansible testhost -m shell -a "bash /tmp/test.sh"
192.168.233.210 | CHANGED | rc=0 >>
192.168.233.211 | CHANGED | rc=0 >>
The shell module also supports running remote commands that contain pipes
[root@localhost ~]# ansible testhost -m shell -a "cat /etc/passwd |wc -l "
192.168.233.211 | CHANGED | rc=0 >>
23
192.168.233.210 | CHANGED | rc=0 >>
22
[root@localhost ~]# vi /tmp/ansible_test.txt
Sun Jan 9 06:27:28 EST 2022
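The run succeeded
V. Managing scheduled tasks with Ansible
state=present is the default and can be omitted.
[root@localhost ~]# ansible testhost -m cron -a "name='test cron' job='/bin/bash /tmp/test.sh' weekday=6 state=present"
The value of state must be exactly present or absent. The output below was recorded from a run in which the note (默认自带), meaning "the default", was typed directly after state=present inside the -a string, so the module rejected it: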
192.168.233.210 | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"msg": "value of state must be one of: present, absent, got: present(默认自带)"
}
192.168.233.211 | FAILED! => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"msg": "value of state must be one of: present, absent, got: present(默认自带)"
}
To delete this cron job, just add the field state=absent
[root@localhost ~]# ansible testhost -m cron -a "name='test cron' state=absent"
192.168.233.210 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": []
}
192.168.233.211 | CHANGED => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": true,
"envs": [],
"jobs": []
}
VI. Installing RPM packages / managing services with Ansible
Install the httpd service using the yum module
[root@localhost ~]# ansible testhost -m yum -a "name=httpd"
192.168.233.211 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"msg": "",
"rc": 0,
"results": [
"httpd-2.4.6-97.el7.centos.5.x86_64 providing httpd is already installed"
]
}
192.168.233.210 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"msg": "",
"rc": 0,
"results": [
"httpd-2.4.6-97.el7.centos.5.x86_64 providing httpd is already installed"
]
}
After name you can also add state=installed/removed.
Set the service state. Here name is the service name on the CentOS system, which can be looked up with the chkconfig --list command
[root@localhost ~]# ansible testhost -m service -a "name=httpd state=started enabled=yes"
192.168.233.210 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"enabled": true,
"name": "httpd",
"state": "started",
"status": {
"ActiveEnterTimestamp": "五 2022-04-22 23:38:29 CST",
"ActiveEnterTimestampMonotonic": "3396979909",
"ActiveExitTimestampMonotonic": "0",
"ActiveState": "active",
......
......
"SubState": "running",
"SyslogLevelPrefix": "yes",
"SyslogPriority": "30",
"SystemCallErrorNumber": "0",
"TTYReset": "no",
"TTYVHangup": "no",
"TTYVTDisallocate": "no",
"TimeoutStartUSec": "1min 30s",
"TimeoutStopUSec": "1min 30s",
"TimerSlackNSec": "50000",
"Transient": "no",
"Type": "notify",
"UMask": "0022",
"UnitFilePreset": "disabled",
"UnitFileState": "enabled",
"WantedBy": "multi-user.target",
"Wants": "system.slice",
"WatchdogTimestamp": "五 2022-04-22 23:38:29 CST",
"WatchdogTimestampMonotonic": "3392838648",
"WatchdogUSec": "0"
}
}
Using the Ansible documentation
# ansible-doc -l # list all modules