Python在运维工作中的经典应用之ansible
1.安装ansible
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo yum install ansible -y
克隆虚拟机
hostnamectl set-hostname standby vim /etc/sysconfig/network-scripts/ifcfg-eth0 IPADDR=10.0.0.200 UUID行删掉 vim /etc/hosts 10.0.0.200 standby systemctl restart network
Linux的 SSHD(22)
验证方式:
(1)用户+密码(PAM)
(2)秘钥验证(公钥:钥匙和私钥:锁)
通过秘钥对实现,需要将公钥分发到各节点
2.管理被控端,管理机先生成秘钥,然后推送公钥
ssh-keygen
ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.0.0.200
多台机器情况下:
[root@demo ~]# for i in {1..12};do ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.0.0.$i;done
3.配置被管理的主机清单
[root@demo ~]# vim /etc/ansible/hosts [web] 10.0.0.100 10.0.0.200
4.使用ansible的ad-hoc测试
[root@demo ~]# ansible all -m ping 测试成功显示 ------------------------------------------------------ 10.0.0.12 | SUCCESS => { "changed": false, "ping": "pong" } 10.0.0.11 | SUCCESS => { "changed": false, "ping": "pong" } ------------------------------------------------------
#执行远程命令 [root@demo ~]# ansible all -m shell -a "df -h" 执行后结果 ---------------------------------------------------------------------- 10.0.0.12 | CHANGED | rc=0 >> Filesystem Size Used Avail Use% Mounted on /dev/sda3 98G 3.4G 95G 4% / devtmpfs 477M 0 477M 0% /dev tmpfs 488M 0 488M 0% /dev/shm tmpfs 488M 7.7M 480M 2% /run tmpfs 488M 0 488M 0% /sys/fs/cgroup /dev/sda1 197M 102M 96M 52% /boot tmpfs 98M 0 98M 0% /run/user/0 10.0.0.11 | CHANGED | rc=0 >> Filesystem Size Used Avail Use% Mounted on /dev/sda3 98G 1.6G 97G 2% / devtmpfs 981M 0 981M 0% /dev tmpfs 992M 124K 992M 1% /dev/shm tmpfs 992M 9.6M 982M 1% /run tmpfs 992M 0 992M 0% /sys/fs/cgroup /dev/sda1 197M 102M 96M 52% /boot tmpfs 199M 0 199M 0% /run/user/0 ----------------------------------------------------------------------
5.ansible playbook自动化安装nginx
[root@demo ~]# vim playbook_nginx.yml
- hosts: web remote_user: root vars: http_port: 80 tasks: - name: Add Nginx Yum Repository yum_repository: name: nginx description: Nginx Repository baseurl: http://nginx.org/packages/centos/7/$basearch/ gpgcheck: no - name: Install Nginx Server yum: name=nginx state=present - name: Configure Nginx Server template: src=./default.conf.template dest=/etc/nginx/conf.d/default.conf notify: Restart Nginx Server - name: Start Nginx Server service: name=nginx state=started enabled=yes handlers: - name: Restart Nginx Server service: name=nginx state=restarted
6.default.conf.template文件如下
[root@demo ~]#vim default.conf.template server { listen {{ http_port }}; server_name localhost; location / { root /usr/share/nginx/html; index index.html index.htm; } }
7.执行ansible-playbook
检查语法 [root@demo ~]# ansible-playbook --syntax playbook_nginx.yml 模拟执行 [root@demo ~]# ansible-playbook -C playbook_nginx.yml 执行 [root@demo ~]# ansible-playbook playbook_nginx.yml