Ansible

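Introduction

1. Ansible needs no client (agent) installed on the managed hosts; it communicates through sshd (key-based login, no password)

2. Ansible works through modules, and modules can be developed in any language

3. Ansible supports using modules from the command line and also supports playbooks written in YAML format, which are easy to write and read

4. Ansible is very simple to install; on CentOS it can be installed directly with Yum

5. Ansible provides a UI (browser-based graphical interface), www.ansible.com/tower, which is paid. Official documentation: http://docs.ansible.com/ansible/latest/index.html

Ansible has been acquired by Red Hat, and it is a very popular open-source project on GitHub (https://github.com/ansible/ansible)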

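I. Installing Ansible

1. Environment preparation

Prepare two machines

Hostname: ansible-01  IP: 192.168.233.210

Hostname: ansible-02  IP: 192.168.233.211

On both machines, turn off the firewall and SELinux, and edit the /etc/hosts file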

# mount /dev/sr0 /opt/centos
# yum clean all
# yum repolist
# systemctl stop firewalld
# systemctl disable firewalld
# setenforce 0    # switches SELinux to permissive mode until the next reboot
# vi /etc/hosts
  127.0.0.1 localhost localhost.localdomain localhost localhost4.localdomain4
  ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
  192.168.233.210 ansible-01    # add the IP and hostname of both machines
  192.168.233.211 ansible-02

2. Install Ansible

Of the two machines, ansible-01 and ansible-02, Ansible only needs to be installed on ansible-01. Install the EPEL repository first

# yum install epel-release -y 
# yum install -y ansible
# ansible --version
   ansible 2.9.25
     config file = /etc/ansible/ansible.cfg
     configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
     ansible python module location = /usr/lib/python2.7/site-packages/ansible
     executable location = /usr/bin/ansible
     python version = 2.7.5 (default, Nov 20 2015, 02:00:19) [GCC 4.8.5 20150623 (Red Hat 4.8.5-4)]

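3. Passwordless (key-based) SSH setup

On ansible-01, generate a key pair with ssh-keygen -t rsa, then put the public key on ansible-02 to set up key authentication.

Note: the local machine itself must also be configured for passwordless login, because the host group defined below includes it as well.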

# ssh-keygen -t rsa
   Generating public/private rsa key pair.
   Enter file in which to save the key (/root/.ssh/id_rsa): 
   Created directory '/root/.ssh'.
   Enter passphrase (empty for no passphrase): 
   Enter same passphrase again: 
   Your identification has been saved in /root/.ssh/id_rsa.
   Your public key has been saved in /root/.ssh/id_rsa.pub.
   The key fingerprint is:
   d6:b2:50:b6:24:51:86:2c:ac:08:70:c0:78:2f:b4:4f root@ansible-test01
   The key's randomart image is:
   +--[ RSA 2048]----+
   |*... ..oo        |
   |ooo o oo         |
   |.+ + .. +        |
   |. + E  = o       |
   |   +  . S .      |
   |    .  o o       |
   |        .        |
   |                 |
   |                 |
   +-----------------+
# ssh-copy-id 192.168.233.211
   /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
   The authenticity of host '192.168.211 (192.168.211)' can't be established.
   ECDSA key fingerprint is SHA256:PpgkRDlxK0Fo7pnSeJyYC9p4KYbIgATP7gM+4G5UAIg.
   ECDSA key fingerprint is MD5:54:a9:14:91:fa:fc:cc:ee:30:0d:a3:5b:05:b9:97:b2.
   Are you sure you want to continue connecting (yes/no)? yes
   /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
   /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
   root@192.168.233.211's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.233.211'"
and check to make sure that only the key(s) you wanted were added.
# ssh 192.168.233.211
Last login: Sun Jan  9 05:57:10 2022 from 192.168.233.211
# exit
logout
Connection to 192.168.233.211 closed.

4. Host group setup

Add the IPs of the local machine and the other machine to the /etc/ansible/hosts file:

# vi /etc/ansible/hosts
  [testhost]
  192.168.233.210
  192.168.233.211

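Explanation: testhost is a user-defined host group name, and the two IPs below it are the machines in the group

II. Running commands remotely with Ansible

Here testhost is the host group name, -m is followed by the module name, and -a is followed by the command. You can also give a single IP directly to run the command on just one machine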

# ansible testhost -m command -a "hostname"
192.168.233.210 | CHANGED | rc=0 >>
localhost.localdomain
192.168.233.211 | CHANGED | rc=0 >>
localhost.localdomain

III. Copying files or directories with Ansible

# ansible 192.168.233.211 -m copy -a "src=/etc/passwd dest=/tmp/123"
   192.168.233.211 | CHANGED => {
       "ansible_facts": {
           "discovered_interpreter_python": "/usr/bin/python"
       }, 
       "changed": true, 
       "checksum": "bbb638262b9bde418e73cf5097f94a8719f20651", 
       "dest": "/tmp/123/passwd", 
       "gid": 0, 
       "group": "root", 
       "md5sum": "c8b6c2210fc61c556bff22f8f3a7247f", 
       "mode": "0644", 
       "owner": "root", 
       "size": 1093, 
       "src": "/root/.ansible/tmp/ansible-tmp-1650643373.91-5305-26730121637730/source", 
       "state": "file", 
       "uid": 0
   }

IV. Running a script remotely with Ansible

First create a shell script

# vi /tmp/test.sh
  #!/bin/bash
  echo `date` > /tmp/ansible_test.txt

Then distribute the script to every machine

# ansible testhost -m copy -a "src=/tmp/test.sh dest=/tmp/test.sh mode=0755"
192.168.233.210 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "checksum": "1a6e4af02dba1bda6fc8e23031d4447efeba0ade", 
    "dest": "/tmp/test.sh", 
    "gid": 0, 
    "group": "root", 
    "mode": "0644", 
    "owner": "root", 
    "path": "/tmp/test.sh", 
    "size": 48, 
    "state": "file", 
    "uid": 0
}
192.168.233.211 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "checksum": "1a6e4af02dba1bda6fc8e23031d4447efeba0ade", 
    "dest": "/tmp/test.sh", 
    "gid": 0, 
    "group": "root", 
    "md5sum": "edfaa4371316af8c5ba354e708fe8a97", 
    "mode": "0644", 
    "owner": "root", 
    "size": 48, 
    "src": "/root/.ansible/tmp/ansible-tmp-1641727206.43-2499-236587765379928/source", 
    "state": "file", 
    "uid": 0
}

Finally, run the shell script on all hosts in one batch

[root@localhost ~]# ansible testhost -m shell -a "bash /tmp/test.sh"
192.168.233.210 | CHANGED | rc=0 >>
192.168.233.211 | CHANGED | rc=0 >>

The shell module also supports remote commands that contain pipes

[root@localhost ~]# ansible testhost -m shell -a "cat /etc/passwd |wc -l "
192.168.233.211 | CHANGED | rc=0 >>
23
192.168.233.210 | CHANGED | rc=0 >>
22
[root@localhost ~]# vi /tmp/ansible_test.txt

  Sun Jan 9 06:27:28 EST 2022

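The run succeeded

V. Managing scheduled tasks (cron) with Ansible

state=present is the default and can be omitted. The output below was captured from a run in which the note "(默认自带)" ("included by default") was typed as part of the state value; the cron module accepts only present or absent, so the task failed on both hosts.

[root@localhost ~]# ansible testhost -m cron -a "name='test cron' job='/bin/bash /tmp/test.sh' weekday=6 state=present"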
192.168.233.210 | FAILED! => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "msg": "value of state must be one of: present, absent, got: present(默认自带)"
}
192.168.233.211 | FAILED! => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "msg": "value of state must be one of: present, absent, got: present(默认自带)"
}

To delete this cron entry, just add the field state=absent

[root@localhost ~]# ansible testhost -m cron -a "name='test cron' state=absent"
192.168.233.210 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "envs": [], 
    "jobs": []
}
192.168.233.211 | CHANGED => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": true, 
    "envs": [], 
    "jobs": []
}

VI. Installing RPM packages / managing services with Ansible

Use the yum module to install the httpd service

[root@localhost ~]# ansible testhost -m yum -a "name=httpd"
192.168.233.211 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "httpd-2.4.6-97.el7.centos.5.x86_64 providing httpd is already installed"
    ]
}
192.168.233.210 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "msg": "", 
    "rc": 0, 
    "results": [
        "httpd-2.4.6-97.el7.centos.5.x86_64 providing httpd is already installed"
    ]
}

After name you can also add state=installed/removed.

Set the service state. Here name is the service name on the CentOS system, which can be looked up with the chkconfig --list command

[root@localhost ~]# ansible testhost -m service -a "name=httpd state=started enabled=yes"
192.168.233.210 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python"
    }, 
    "changed": false, 
    "enabled": true, 
    "name": "httpd", 
    "state": "started", 
    "status": {
        "ActiveEnterTimestamp": "五 2022-04-22 23:38:29 CST", 
        "ActiveEnterTimestampMonotonic": "3396979909", 
        "ActiveExitTimestampMonotonic": "0", 
        "ActiveState": "active", 
       ......
       ......
        "SubState": "running", 
        "SyslogLevelPrefix": "yes", 
        "SyslogPriority": "30", 
        "SystemCallErrorNumber": "0", 
        "TTYReset": "no", 
        "TTYVHangup": "no", 
        "TTYVTDisallocate": "no", 
        "TimeoutStartUSec": "1min 30s", 
        "TimeoutStopUSec": "1min 30s", 
        "TimerSlackNSec": "50000", 
        "Transient": "no", 
        "Type": "notify", 
        "UMask": "0022", 
        "UnitFilePreset": "disabled", 
        "UnitFileState": "enabled", 
        "WantedBy": "multi-user.target", 
        "Wants": "system.slice", 
        "WatchdogTimestamp": "五 2022-04-22 23:38:29 CST", 
        "WatchdogTimestampMonotonic": "3392838648", 
        "WatchdogUSec": "0"
    }
}
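
The ad-hoc commands from sections IV to VI written as one playbook, the YAML form mentioned in the introduction. This is an added example, not part of the original post; the file name site.yml and the task names are assumptions, and it targets the testhost group and the /tmp/test.sh script used above.

```yaml
# site.yml (hypothetical file name)
# Targets the [testhost] group defined in /etc/ansible/hosts.
- hosts: testhost
  remote_user: root
  tasks:
    - name: Distribute the test script (section IV)
      copy:
        src: /tmp/test.sh
        dest: /tmp/test.sh
        owner: root
        group: root
        mode: "0755"        # quoted so YAML keeps it as an octal string

    - name: Run the script once on every host
      command: bash /tmp/test.sh
      args:
        creates: /tmp/ansible_test.txt   # skipped when the output file already exists

    - name: Schedule the script on weekday 6, Saturday (section V)
      cron:
        name: test cron
        job: /bin/bash /tmp/test.sh
        weekday: "6"        # minute and hour default to "*": every minute on that day
        state: present

    - name: Install httpd (section VI)
      yum:
        name: httpd
        state: present

    - name: Start httpd and enable it at boot
      service:
        name: httpd
        state: started
        enabled: yes
```

Validate it with ansible-playbook --syntax-check site.yml, then run ansible-playbook site.yml; on a second run the copy, cron, yum and service tasks report ok instead of changed.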

Using the Ansible documentation

# ansible-doc -l    # list all modules

 

posted @ 2022-04-22 16:33  蜡笔小新๑