Introduction to Ansible on Linux
阿新 • Published: 2018-06-10
Ansible is an automated operations tool with the following features:
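1. Modular: calls specific modules to accomplish specific tasks
2. Built on three key modules: Paramiko, PyYAML and Jinja2 (template language)
3. Supports custom modules
4. Implemented in Python
5. Simple to deploy: based on Python and SSH (installed by default), agentless
6. Secure: based on OpenSSH
7. Supports task orchestration with playbooks
8. Idempotent: running a task once or n times has the same effect; repeated runs cause no unexpected results
9. No agent required and no dependence on PKI (no SSL needed)
11. Modules can be written in any programming language
12. YAML format for orchestrating tasks, with support for rich data structures
13. A fairly powerful multi-tier solution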
The architecture diagram is as follows:
Usage
Installation
[root@node1 ~]# yum -y install ansible
Configure hosts
[root@node1 ansible]# vim /etc/ansible/hosts
[frontend]
192.168.1.201
192.168.1.202
[backend]
192.168.1.203
192.168.1.210
How to use Ansible
1. List modules
[root@node1 ansible]# ansible-doc -l
2. Help for a specific module
[root@node1 ansible]# ansible-doc -s group
- name: Add or remove groups
  group:
      gid:     # Optional `GID' to set for the group.
      name:    # (required) Name of the group to manage.
      state:   # Whether the group should be present or not on the remote host. (present creates, absent deletes)
      system:  # If `yes', indicates that the group created is a system group.
3. Check
[root@node1 ansible]# ansible all -m group -a "gid=3001 name=mygrp1 state=present system=no" -C
192.168.1.210 | SUCCESS => {
"changed": true
}
...
4. Execute
[root@node1 ansible]# ansible all -m group -a "gid=3000 name=mygrp state=present system=no"
192.168.1.210 | SUCCESS => {
"changed": true,
"gid": 3000,
"name": "mygrp",
"state": "present",
"system": false
}
.....
5. Undo
[root@node1 ansible]# ansible all -m group -a "gid=3000 name=mygrp state=absent system=no"
192.168.1.210 | SUCCESS => {
"changed": true,
"name": "mygrp",
"state": "absent"
}
....
Many modules work in a similar way.
user module
View usage
[root@node1 ansible]# ansible-doc -s user
Add (use absent to delete)
[root@node1 ansible]# ansible all -m user -a 'uid=5000 name=testuser state=present groups=mygrp'
192.168.1.202 | SUCCESS => {
"changed": true,
"comment": "",
"create_home": true,
"group": 5000,
"groups": "mygrp",
"home": "/home/testuser",
"name": "testuser",
"shell": "/bin/bash",
"state": "present",
"system": false,
"uid": 5000
}
Verify
[root@node2 ~]# id testuser
uid=5000(testuser) gid=5000(testuser) groups=5000(testuser),3000(mygrp)
copy module
View usage
[root@node1 ansible]# ansible-doc -s copy
Copy a directory
[root@node1 ~]# ansible all -m copy -a 'src=/root/aa dest=/root/ mode=600'
192.168.1.210 | SUCCESS => {
"changed": true,
"dest": "/root/",
"src": "/root/aa"
}
# If src has no trailing /, the whole directory is copied; with a trailing /, the files inside the directory are copied
Copy a file
[root@node1 ~]# ansible all -m copy -a 'src=/root/b.exp dest=/root/bb.exp mode=600'
192.168.1.210 | SUCCESS => {
"changed": true,
"checksum": "4e838c8f13d7ca2f3dd9c46383160aded4b75bd9",
"dest": "/root/bb.exp",
"gid": 0,
"group": "root",
"md5sum": "d05c1a3a2690061ef62cc018c2226bd5",
"mode": "0600",
"owner": "root",
"size": 378,
"src": "~None/.ansible/tmp/ansible-tmp-1528591498.22-24846919673848/source",
"state": "file",
"uid": 0
}
[root@node1 ~]# ansible all -m copy -a 'content="hello world\n" dest=/root/hi.txt mode=600'
192.168.1.210 | SUCCESS => {
"changed": true,
"checksum": "22596363b3de40b06f981fb85d82312e8c0ed511",
"dest": "/root/hi.txt",
"gid": 0,
"group": "root",
"md5sum": "6f5902ac237024bdd0c176cb93063dc4",
"mode": "0600",
"owner": "root",
"size": 12,
"src": "~None/.ansible/tmp/ansible-tmp-1528591685.59-213464252719003/source",
"state": "file",
"uid": 0
}
fetch (pull files)
[root@node1 ~]# ansible-doc -s fetch
[root@node1 ~]# ansible 192.168.1.201 -m fetch -a 'dest=/root/ src=/root/rules.sh'
192.168.1.201 | SUCCESS => {
"changed": true,
"checksum": "68fa058075bcabe9640367e48b934482bb96f64d",
"dest": "/root/192.168.1.201/root/rules.sh",
"md5sum": "af3fbce7c4b620497adf4324f7d92afa",
"remote_checksum": "68fa058075bcabe9640367e48b934482bb96f64d",
"remote_md5sum": null
}
[root@node1 ~]# ls 192.168.1.201/root/rules.sh
command and shell modules
command: no shell parsing
shell: more convenient to use
[root@node1 ~]# ansible-doc -s command
[root@node1 ~]# ansible-doc -s shell
[root@node1 ~]# ansible all -m command -a 'chdir=/root ls'
192.168.1.210 | SUCCESS | rc=0 >>
aa
anaconda-ks.cfg
bb.exp
hi.txt
~None
original-ks.cfg
command does not support pipes
[root@node1 ~]# ansible all -m command -a 'echo "zander"|passwd testuser --stdin'
192.168.1.210 | SUCCESS | rc=0 >>
zander|passwd testuser --stdin
shell can parse shell commands
[root@node1 ~]# ansible all -m shell -a 'echo "zander"|passwd testuser --stdin'
192.168.1.210 | SUCCESS | rc=0 >>
Changing password for user testuser.
passwd: all authentication tokens updated successfully.
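A model of the difference shown above, as an added example that is not part of the original post and is not Ansible's own code: command runs an argv list with no shell, so the pipe reaches echo as text, while shell hands the whole string to /bin/sh. The function names and the tr pipeline are illustrative assumptions; shlex.quote plays the role that Ansible's quote filter plays for values placed into a shell line.

```python
import shlex
import subprocess

def run_like_command(cmdline):
    """Model of `command`: split into argv and exec directly, no shell involved."""
    argv = shlex.split(cmdline)
    done = subprocess.run(argv, capture_output=True, text=True, check=True)
    return argv, done.stdout

def run_like_shell(cmdline):
    """Model of `shell`: the whole string is interpreted by /bin/sh."""
    done = subprocess.run(["/bin/sh", "-c", cmdline],
                          capture_output=True, text=True, check=True)
    return done.stdout

def quote_into(template, **values):
    """Quote each value before it is placed into a line that a shell will parse."""
    return template.format(**{k: shlex.quote(v) for k, v in values.items()})

if __name__ == "__main__":
    # The command from this page: echo receives the pipe as ordinary text.
    argv, out = run_like_command('echo "zander"|passwd testuser --stdin')
    print(argv, out, end="")
    # Constructed harmless pipeline: only the shell variant actually runs tr.
    print(run_like_command('echo "zander"|tr a-z A-Z')[1], end="")
    print(run_like_shell('echo "zander"|tr a-z A-Z'), end="")
    # A value containing shell metacharacters stays one argument once quoted.
    line = quote_into("echo {name}|tr a-z A-Z", name="a b; echo x")
    print(run_like_shell(line), end="")
```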
file module
[root@node1 ~]# ansible-doc -s file
Recursive creation
[root@node1 ~]# ansible all -m file -a 'path=/var/tmp/aaa/hello.dir state=directory'
192.168.1.210 | SUCCESS => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/var/tmp/aaa/hello.dir",
"size": 6,
"state": "directory",
"uid": 0
}
Creating an empty file this way does not work; file is suited to setting file attributes. An empty file can be created with copy.
[root@node1 ~]# ansible all -m file -a 'path=/var/tmp/aaa/hello.txt state=file'
192.168.1.210 | FAILED! => {
"changed": false,
"msg": "file (/var/tmp/aaa/hello.txt) is absent, cannot continue",
"path": "/var/tmp/aaa/hello.txt",
"state": "absent"
}
Create a symbolic link
[root@node1 ~]# ansible all -m file -a 'src=/root/hi.txt path=/var/tmp/aaa/hello.txt state=link'
192.168.1.210 | SUCCESS => {
"changed": true,
"dest": "/var/tmp/aaa/hello.txt",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 12,
"src": "/root/hi.txt",
"state": "link",
"uid": 0
}
cron (scheduled tasks) module
[root@node1 ~]# ansible-doc -s cron
Add. Always set name, otherwise deletion is problematic (the name must be unique).
[root@node1 ~]# ansible all -m cron -a 'minute=*/3 job="/usr/sbin/update 192.168.1.200 &>/dev/null" name=updatetime state=present'
192.168.1.210 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"updatetime"
]
}
[root@node2 ~]# crontab -l
#Ansible: updatetime
*/3 * * * * /usr/sbin/update 192.168.1.200 &>/dev/null
Delete. Only name is matched, so take care not to delete the wrong entry.
[root@node1 ~]# ansible all -m cron -a 'minute=*/3 job="/usr/sbin/update 192.168.1.200 &>/dev/null" name=updatetime state=absent'
yum module
[root@node1 ~]# ansible-doc -s yum
[root@node1 ~]# ansible all -m yum -a 'name=zsh state=present'
service module
[root@node1 ~]# ansible-doc -s service
# started/stopped
[root@node1 ~]# ansible all -m service -a 'name=mynginx state=reloaded'
script (remote script) module
[root@node1 ~]# ansible-doc -s script
[root@node1 ~]# ansible 192.168.1.203 -m script -a 'script'    # runs a local script on the remote host
setup (variables) module
[root@node1 playbooks]# ansible-doc -s setup
[root@node1 playbooks]# ansible 192.168.1.201 -m setup
playbook
Basic usage
[root@node1 ~]# mkdir playbooks
[root@node1 ~]# cd playbooks/
[root@node1 playbooks]# vim first.yml
- hosts: 192.168.1.201
  remote_user: root
  tasks:
  - name: install vsftpd
    yum: name=vsftpd state=latest
  - name: config
    copy: src=/root/playbooks/vsftpd.conf dest=/etc/vsftpd/vsftpd.conf mode=600
    notify: restart vsftpd    # notifies the handler below named "restart vsftpd"; not triggered if the file is unchanged (the files are compared)
  - name: start vsftpd
    service: name=vsftpd state=started enabled=false
  handlers:
  - name: restart vsftpd    # runs when notified
    service: name=vsftpd state=restarted
- hosts: 192.168.1.202
  tasks:
  - name: ip show
    shell: ip a
- hosts: all
  tasks:
  - name: list
    shell: ls
Syntax check
[root@node1 playbooks]# ansible-playbook first.yml --syntax-check
playbook: first.yaml
List hosts and tasks
[root@node1 playbooks]# ansible-playbook --list-hosts --list-tasks first.yml
Dry run
[root@node1 playbooks]# ansible-playbook first.yml -C
Triggering handlers with notify
- hosts: 192.168.1.201
  remote_user: root
  tasks:
  - name: install vsftpd
    yum: name=vsftpd state=latest
  - name: config
    copy: src=/root/playbooks/vsftpd.conf dest=/etc/vsftpd/vsftpd.conf mode=600
    notify: restart vsftpd    # notifies the handler below named "restart vsftpd"
  - name: start vsftpd
    service: name=vsftpd state=started enabled=false
  handlers:
  - name: restart vsftpd    # runs when notified
    service: name=vsftpd state=restarted
Running tasks by tag (tags)
- hosts: 192.168.1.201
  remote_user: root
  tasks:
  - name: install vsftpd
    yum: name=vsftpd state=latest
  - name: config
    copy: src=/root/playbooks/vsftpd.conf dest=/etc/vsftpd/vsftpd.conf mode=600
    notify: restart vsftpd
    tags: config    # assign a tag
  - name: start vsftpd
    service: name=vsftpd state=started enabled=false
  handlers:
  - name: restart vsftpd
    service: name=vsftpd state=restarted
[root@node1 playbooks]# ansible-playbook -t config first.yml    # run by tag
Variables
- hosts: websrvs
  remote_user: root
  vars:
  - pbvar: playbook var
  tasks:
  - name: command line vars
    copy: content={{ cmdvar }} dest=/tmp/cmd.var    # passed on the command line
  - name: playbook var
    copy: content={{ pbvar }} dest=/tmp/pb.var    # from pbvar above
  - name: host var
    copy: content={{ https_port }}{{ http_port }} dest=/tmp/host.var    # from the hosts file (group and host variables)
hosts file
[websrvs:vars]
http_port=8080
[websrvs]
192.168.1.201 https_port=4431 ansible_ssh_port=22 ansible_ssh_user=zander ansible_ssh_pass=zander
192.168.1.202 https_port=4432 ansible_ssh_port=22 ansible_ssh_user=zander ansible_ssh_pass=zander
[root@node1 playbooks]# ansible-playbook sencond.yml -e cmdvar='aaaaaaa'
[root@node2 ~]# cat /tmp/cmd.var
aaaaaaa[root@node2 ~]#
[root@node2 ~]# cat /tmp/pb.var
playbook var[root@node2 ~]#
[root@node2 ~]# cat /tmp/host.var
44318080[root@node2 ~]#
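The hosts file above stores ansible_ssh_pass in clear text. A small check for such inventory lines, as an added example (not from the original post or the Ansible project); the sample inventory is constructed from the one above, and vault_become_pass is a hypothetical name for a variable kept in Ansible Vault.

```python
import shlex

# Inventory variables that carry connection or privilege-escalation passwords.
SECRET_VARS = {"ansible_ssh_pass", "ansible_password",
               "ansible_become_pass", "ansible_become_password"}

# Constructed sample: the hosts file from this page plus one templated value.
# vault_become_pass is a hypothetical name for a variable stored in Ansible Vault.
SAMPLE = """\
[websrvs:vars]
http_port=8080
ansible_become_pass={{ vault_become_pass }}
[websrvs]
192.168.1.201 https_port=4431 ansible_ssh_port=22 ansible_ssh_user=zander ansible_ssh_pass=zander
192.168.1.202 https_port=4432 ansible_ssh_port=22 ansible_ssh_user=zander ansible_ssh_pass=zander
"""

def find_plaintext_secrets(inventory_text):
    """Return (line number, host or section, variable) for literal password values."""
    findings = []
    section = "ungrouped"
    for lineno, raw in enumerate(inventory_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section.endswith(":vars"):
            # Group variable sections hold one key=value per line.
            target, pairs = section, [line]
        else:
            # Host lines: host name first, then key=value tokens.
            tokens = shlex.split(line, comments=True)
            target, pairs = tokens[0], tokens[1:]
        for pair in pairs:
            key, sep, value = pair.partition("=")
            key, value = key.strip(), value.strip()
            # A Jinja2 reference such as {{ vault_become_pass }} is not a literal secret.
            if sep and key in SECRET_VARS and value and "{{" not in value:
                findings.append((lineno, target, key))  # the value itself is never recorded
    return findings

if __name__ == "__main__":
    for lineno, target, key in find_plaintext_secrets(SAMPLE):
        print(f"line {lineno}: {target} sets {key} in clear text")
```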
Templates
/root/playbooks/nginx.conf.j2 (see the setup module for the available variables):
worker_processes worker_processes {{ ansible_processor_vcpus-1 }};
#listen {{ ansible_ens34.ipv4.address }}
- hosts: websrvs
  remote_user: root
  vars:
  tasks:
  - name: command line vars
    template: src=/root/playbooks/nginx.conf.j2 dest=/tmp/nginx.conf
    when: ansible_distribution_major_version == "7"    # conditional check
[root@node1 playbooks]# ansible-playbook sencond.yml
Each node gets its own variable values.
[root@node2 ~]# cat /tmp/nginx.conf
worker_processes worker_processes 2;
#listen 192.168.1.201
[root@node3 ~]# cat /tmp/nginx.conf
worker_processes worker_processes 2;
#listen 192.168.1.202
Brief introduction to roles
Defining the roles path
[root@node1 playbooks]# vim /etc/ansible/ansible.cfg
#roles_path = /etc/ansible/roles
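[root@node1 playbooks]# mkdir -pv /etc/ansible/roles/nginx/{files,templates,tasks,vars,handlers,meta,defaults}
roles/
  project/
    tasks/ Defines the tasks, the basic element of a role; must contain at least a file named main.yml; other files must be pulled in from that file via include
    files/ Holds files used by modules such as copy or script
    vars/ (rarely used) Defines variables; must contain at least a file named main.yml; other files must be pulled in from that file via include
    defaults/ (rarely used) The main.yml file in this directory is used when setting default variables
    templates/ Directory where the template module looks for template files
    handlers/ Must contain at least a file named main.yml; other files must be pulled in from that file via include
    meta/ (rarely used) Defines special settings of the role and its dependencies; must contain at least a file named main.yml; other files must be pulled in from that file via include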
[root@node1 tasks]# pwd
/etc/ansible/roles/nginx/tasks
[root@node1 tasks]# vim main.yml
- name: install nginx
  yum: name=nginx state=latest
- name: install conf
  template: src=vhost1.conf.j2 dest=/etc/nginx/conf.d/vhost1.conf    # src may be a relative path inside the role
[root@node1 playbooks]# vim nginx.yml
- hosts: websrvs
  remote_user: root
  roles:
  - nginx