Ansible study notes


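I. Basics:

    1. Introduction

        ansible is written in Python and combines the strengths of many operations tools, providing batch system configuration, batch program deployment and batch command execution. ansible works through modules and has no batch-deployment capability of its own.
        What actually performs batch deployment is the modules that ansible runs; ansible itself is only a framework.

        (1) Connection plugins: handle communication with the managed hosts;
        (2) Host inventory: specifies the hosts to operate on; it is a configuration file that defines the managed hosts;
        (3) Modules: core modules, the command module and custom modules;
        (4) Plugins provide functions such as logging and e-mail;
        (5) Playbook: a script for running multiple tasks; it is optional and lets a node run several tasks in one go.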

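    2. Features:

        (1) no agents: no agent needs to be installed on the managed hosts
        (2) no server: there is no server side; you simply run commands when needed
        (3) modules in any languages: works through modules, which can be developed in any language
        (4) yaml not code: playbooks are written in YAML
        (5) ssh by default: works over SSH
        (6) strong multi-tier solution: supports multi-level orchestration

    3. Advantages:

        (1) Lightweight: no agent has to be installed on the clients, and an update only has to be done once, on the control machine;
        (2) Batch tasks can be written as scripts and run without being distributed to the remote hosts
        (3) Written in Python and easy to maintain
        (4) Supports sudo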

 

II. Installing ansible

    1.1 Installing from RPM packages
        EPEL repository:

            [epel]
            name=Extra Packages for Enterprise Linux 6 - $basearch
            baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
            #mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
            failovermethod=priority
            enabled=1
            gpgcheck=0
            gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

            [epel-debuginfo]
            name=Extra Packages for Enterprise Linux 6 - $basearch - Debug
            baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug
            #mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
            failovermethod=priority
            enabled=0
            gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
            gpgcheck=0

            [epel-source]
            name=Extra Packages for Enterprise Linux 6 - $basearch - Source
            baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS
            #mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch
            failovermethod=priority
            enabled=0
            gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
            gpgcheck=0

        [root@localhost ~]# yum install ansible -y
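
The repo file above sets gpgcheck=0 on an http:// baseurl, so the installed packages are neither signature-checked nor fetched over TLS. The following check is an added example, not part of the original notes: it reads a .repo file in that layout and reports enabled repositories with those settings. The function name and the shortened sample stanzas are assumptions of this example.

```python
import configparser

OFF = {"0", "no", "false"}  # values yum treats as "disabled"

# Constructed sample: two stanzas in the shape of the repo file above.
SAMPLE_REPO = """\
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

[epel-source]
name=Extra Packages for Enterprise Linux 6 - $basearch - Source
baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS
enabled=0
gpgcheck=0
"""

def audit_repo(text):
    """Return {repo_id: [finding, ...]} for enabled repos with weak settings."""
    parser = configparser.ConfigParser(interpolation=None)  # keep $basearch literal
    parser.read_string(text)
    report = {}
    for repo in parser.sections():
        opts = parser[repo]
        if opts.get("enabled", "1").strip().lower() in OFF:
            continue  # yum does not install from a disabled repo
        # Only an explicit gpgcheck=0 counts; a missing key inherits from [main].
        unsigned = opts.get("gpgcheck", "").strip().lower() in OFF
        urls = opts.get("baseurl", "").split()
        findings = []
        if unsigned:
            findings.append("gpgcheck off: package signatures are not verified")
        if unsigned and any(u.startswith("http://") for u in urls):
            findings.append("cleartext baseurl with no signature check")
        if unsigned and opts.get("gpgkey"):
            findings.append("gpgkey is set but unused until gpgcheck=1")
        if findings:
            report[repo] = findings
    return report

if __name__ == "__main__":
    for repo, findings in audit_repo(SAMPLE_REPO).items():
        for finding in findings:
            print(f"[{repo}] {finding}")
```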

III. Common modules

    copy module
        Purpose: copy a local file from the control machine to a remote node

        [root@localhost ~]# ansible 192.168.118.14 -m copy -a "src=/root/bigfile dest=/tmp"
        192.168.118.14 | SUCCESS => {
            "changed": true, 
            "checksum": "8c206a1a87599f532ce68675536f0b1546900d7a", 
            "dest": "/tmp/bigfile", 
            "gid": 0, 
            "group": "root", 
            "md5sum": "f1c9645dbc14efddc7d8a322685f26eb", 
            "mode": "0644", 
            "owner": "root", 
            "size": 10485760, 
            "src": "/root/.ansible/tmp/ansible-tmp-1467946691.02-193284383894106/source", 
            "state": "file", 
            "uid": 0
        }

    file module
        Purpose: change the permissions, owner and group of a file on the specified node

            [root@localhost ~]# ansible 192.168.118.14 -m file -a "dest=/tmp/bigfile mode=777 owner=root group=root"
            192.168.118.14 | SUCCESS => {
                "changed": true, 
                "gid": 0, 
                "group": "root", 
                "mode": "0777", 
                "owner": "root", 
                "path": "/tmp/bigfile", 
                "size": 10485760, 
                "state": "file", 
                "uid": 0
            }

    cron module
        Purpose: define a scheduled task on the specified nodes that runs every three minutes.

            [root@localhost ~]# ansible all -m cron -a 'name="Cron job" minute=*/3 hour=* day=* month=* weekday=* job="/usr/bin/ntpdate tiger.sina.com.cn"'
            192.168.118.14 | SUCCESS => {
                "changed": true, 
                "envs": [], 
                "jobs": [
                    "Cron job"
                ]
            }
            192.168.118.13 | SUCCESS => {
                "changed": true, 
                "envs": [], 
                "jobs": [
                    "Cron job"
                ]
            }    

    group module
        Purpose: create a group named ansible with gid 2016 on the remote node

            [root@localhost ~]# ansible 192.168.118.14 -m group -a "name=ansible gid=2016"
            192.168.118.14 | SUCCESS => {
                "changed": true, 
                "gid": 2016, 
                "name": "ansible", 
                "state": "present", 
                "system": false
            }

    user module
        Purpose: create a user named ansible in the group ansible on the specified node

            [root@localhost ~]# ansible 192.168.118.14 -m user -a "name=ansible uid=2016 group=ansible state=present"
            192.168.118.14 | SUCCESS => {
                "changed": true, 
                "comment": "", 
                "createhome": true, 
                "group": 2016, 
                "home": "/home/ansible", 
                "name": "ansible", 
                "shell": "/bin/bash", 
                "state": "present", 
                "system": false, 
                "uid": 2016
            }

        Delete the user on the remote node. Note: this deletes the remote user but does not delete that user's home directory

            [root@localhost ~]# ansible 192.168.118.14 -m user -a "name=ansible state=absent"
            192.168.118.14 | SUCCESS => {
                "changed": true, 
                "force": false, 
                "name": "ansible", 
                "remove": false, 
                "state": "absent"
            }    

    yum module
        Purpose: install vsftpd on the remote node

            [root@localhost ~]# ansible 192.168.118.14 -m yum -a 'name=vsftpd state=present'
            192.168.118.14 | SUCCESS => {
                "changed": true, 
                "msg": "", 
                "rc": 0, 
                "results": [
                    "Loaded plugins: fastestmirror\nSetting up Install Process\nLoading mirror speeds from cached hostfile\nResolving Dependencies\n--> Running transaction check\n---> Package vsftpd.x86_64 0:2.2.2-14.el6 will be installed\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package          Arch             Version                  Repository     Size\n================================================================================\nInstalling:\n vsftpd           x86_64           2.2.2-14.el6             yum           152 k\n\nTransaction Summary\n================================================================================\nInstall       1 Package(s)\n\nTotal download size: 152 k\nInstalled size: 332 k\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r  Installing : vsftpd-2.2.2-14.el6.x86_64                                   1/1 \n\r  Verifying  : vsftpd-2.2.2-14.el6.x86_64                                   1/1 \n\nInstalled:\n  vsftpd.x86_64 0:2.2.2-14.el6                                                  \n\nComplete!\n"
                ]
            }

        To uninstall:

            [root@localhost ~]# ansible 192.168.118.14 -m yum -a 'name=vsftpd state=removed'
            192.168.118.14 | SUCCESS => {
                "changed": true, 
                "msg": "", 
                "rc": 0, 
                "results": [
                    "Loaded plugins: fastestmirror\nSetting up Remove Process\nResolving Dependencies\n--> Running transaction check\n---> Package vsftpd.x86_64 0:2.2.2-14.el6 will be erased\n--> Finished Dependency Resolution\n\nDependencies Resolved\n\n================================================================================\n Package          Arch             Version                 Repository      Size\n================================================================================\nRemoving:\n vsftpd           x86_64           2.2.2-14.el6            @yum           332 k\n\nTransaction Summary\n================================================================================\nRemove        1 Package(s)\n\nInstalled size: 332 k\nDownloading Packages:\nRunning rpm_check_debug\nRunning Transaction Test\nTransaction Test Succeeded\nRunning Transaction\n\r  Erasing    : vsftpd-2.2.2-14.el6.x86_64                                   1/1 \n\r  Verifying  : vsftpd-2.2.2-14.el6.x86_64                                   1/1 \n\nRemoved:\n  vsftpd.x86_64 0:2.2.2-14.el6                                                  \n\nComplete!\n"
                ]
            }

    service module

        Start
            [root@localhost ~]# ansible 192.168.118.14 -m service -a 'name=vsftpd state=started enabled=yes'
            192.168.118.14 | SUCCESS => {
                "changed": true, 
                "enabled": true, 
                "name": "vsftpd", 
                "state": "started"
            }                
        Stop
            [root@localhost ~]# ansible 192.168.118.14 -m service -a 'name=vsftpd state=stopped enabled=yes'
            192.168.118.14 | SUCCESS => {
                "changed": true, 
                "enabled": true, 
                "name": "vsftpd", 
                "state": "stopped"
            }    

    ping module

            [root@localhost ~]# ansible 192.168.118.14 -m ping
            192.168.118.14 | SUCCESS => {
                "changed": false, 
                "ping": "pong"
            }

    command module

            [root@localhost ~]# ansible 192.168.118.14 [-m command] -a 'w'    # -m command can be omitted; the command module is then used
            192.168.118.14 | SUCCESS | rc=0 >>
             14:00:32 up  3:51,  2 users,  load average: 0.00, 0.00, 0.00
            USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
            root     pts/0    192.168.118.69   18:09    3:29   0.12s  0.12s -bash
            root     pts/1    192.168.118.13   14:00    0.00s  0.04s  0.00s /bin/sh -c LANG

    raw module

        Its main use is running commands that contain a pipe character (|)

            [root@localhost ~]# ansible 192.168.118.14 -m raw -a 'hostname | tee'
            192.168.118.14 | SUCCESS | rc=0 >>
            localhost.localdomain

    get_url module

        Purpose: download http://192.168.118.14/1.png to the node's local disk

            [root@localhost ~]# ansible 192.168.118.14 -m get_url -a 'url=http://192.168.118.14/1.png dest=/tmp'
            192.168.118.14 | SUCCESS => {
                "changed": true, 
                "checksum_dest": null, 
                "checksum_src": "ba5cb18463ecfa13cdc0b611c9c10875275d883e", 
                "dest": "/tmp/1.png", 
                "gid": 0, 
                "group": "root", 
                "md5sum": "8c0df0b008eb5735dc955171d6d9dd73", 
                "mode": "0644", 
                "msg": "OK (14987 bytes)", 
                "owner": "root", 
                "size": 14987, 
                "src": "/tmp/tmpY2lqHF", 
                "state": "file", 
                "uid": 0, 
                "url": "http://192.168.118.14/1.png"
            }    

    synchronize module

        Purpose: push a directory from the control machine to /tmp on the specified node

            [root@localhost ~]# ansible 192.168.118.14 -m synchronize -a 'src=/root/test dest=/tmp/ compress=yes'
            192.168.118.14 | SUCCESS => {
                "changed": true, 
                "cmd": "/usr/bin/rsync --delay-updates -F --compress --archive --rsh 'ssh  -S none -o StrictHostKeyChecking=no' --out-format='<<CHANGED>>%i %n%L' \"/root/test\" \"192.168.118.14:/tmp/\"", 
                "msg": ".d..t...... test/\n<f+++++++++ test/abc\n", 
                "rc": 0, 
                "stdout_lines": [
                    ".d..t...... test/", 
                    "<f+++++++++ test/abc"
                ]
            }

IV. ansible playbooks

    4.1 Installing httpd:

            - hosts: web
              vars:
                http_port: 80
                max_clients: 256
              remote_user: root

              tasks:
              - name: ensure apache is at the latest version
                yum: name=httpd state=latest
              - name: ensure apache is running
                service: name=httpd state=started

    4.2 Installing mysql

            - hosts: 192.168.118.14
              remote_user: root        # play keyword, so it sits beside vars, not inside it
              vars:
                max_clients: 256
                mysql_name: "mysql-server"
              tasks:
              - name: ensure install mysql
                yum: name="{{mysql_name}}" state=present
              - name: ensure mysql is running
                service: name=mysqld state=started

1. handlers
    Used to take an action when a watched resource changes.


    The "notify" action is triggered at the end of each play. This avoids running the specified operation every time a change occurs when there are several changes; instead, the operation runs once, after all the changes have been made. The operations listed in notify are called handlers; that is, notify invokes the operations defined under handlers.

            - hosts: web
              remote_user: root
              tasks:
              - name: install apache
                yum: name=httpd
              - name: install config
                copy: src=/etc/httpd/conf/httpd.conf dest=/etc/httpd/conf/httpd.conf
                notify:
                - restart httpd        # this triggers the restart httpd action
              - name: start httpd
                service: name=httpd state=started
              handlers:
              - name: restart httpd
                service: name=httpd state=restarted

    Note: tested with ansible 2.1; each time the script above is run, - name: start httpd is executed once, so handlers do not need to be used

2. Using variables from the setup module

            - hosts: web
              remote_user: root
              tasks:
              - name: copy file
                copy: content="{{ansible_all_ipv4_addresses}}" dest=/tmp/a.txt

3. Conditionals with when

            - hosts: all
              remote_user: root
              vars:
                username: test
              tasks:
              - name: create {{ username }} user.
                user: name={{ username }}
                when: ansible_fqdn == "localhost.localdomain"    # the test user is created only when the condition matches

4. Iterating with with_items

            - hosts: web
              remote_user: root
              tasks:
              - name: yum install packages
                yum: name={{ item.name }} state=present
                with_items:
                  - { name: 'mysql-server' }
                  - { name: 'vsftpd' }

5. Using template

    Use case: when several services need different parameter values.

Copy /etc/httpd/conf/httpd.conf to the chosen directory and change Listen to use a variable
        Listen {{ http_port }}

Define the variable in the ansible hosts file
        [web]
        192.168.2.12 http_port=8000


Playbook:
          - name: install config
            template: src=/root/temp/{{http_name}}.j2 dest=/etc/httpd/conf/httpd.conf     # use the template module

[root@ansible ~]# cat httpd.yml 
- hosts: all
  remote_user: root
  tasks:
  - name: install http
    yum: name=httpd state=present
  - name: copy file
    template: src=/root/httpd.j2 dest=/etc/httpd/conf/httpd.conf 
    notify:
    - restart httpd
  - name: restart httpd
    service: name=httpd state=started

  handlers:
  - name: restart httpd
    service: name=httpd state=restarted

[web]
192.168.118.14 ansible_ssh_user=root ansible_ssh_pass=123456 ansible_ssh_port=22 http_port=8888 maxClients=50
[myhost]
192.168.118.49 ansible_ssh_user=root ansible_ssh_pass=123456 ansible_ssh_port=22 http_port=9999 maxClients=100
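
The hosts entries above keep the SSH password in cleartext as ansible_ssh_pass. The check below is an added example, not part of the original notes: it parses inventory lines in that layout and reports connection secrets stored literally, without echoing their values. The function name, the sample entries and the list of variables checked are assumptions of this example; a value written as a {{ ... }} reference (for instance to an ansible-vault variable) is not reported.

```python
import shlex

# Connection variables whose value is a password.
SECRET_VARS = {"ansible_ssh_pass", "ansible_password",
               "ansible_become_pass", "ansible_sudo_pass"}

# Constructed sample in the layout of the hosts file above.
SAMPLE_INVENTORY = """\
[web]
192.168.118.14 ansible_ssh_user=root ansible_ssh_pass=123456 ansible_ssh_port=22 http_port=8888
[myhost]
192.168.118.49 ansible_ssh_user=root ansible_ssh_private_key_file=~/.ssh/id_ed25519 http_port=9999
[myhost:vars]
ansible_become_pass="{{ vault_become_pass }}"
"""

def cleartext_secrets(inventory_text):
    """Return (section, host, variable) for each secret stored as a literal."""
    hits, section = [], "ungrouped"
    for raw in inventory_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section.endswith(":children"):
            continue  # lists group names only, no variables
        if section.endswith(":vars"):
            host, pairs = "*", [line]  # one key=value per line, applies to the group
        else:
            tokens = shlex.split(line)  # keeps quoted values in one token
            host, pairs = tokens[0], tokens[1:]
        for pair in pairs:
            key, sep, value = pair.partition("=")
            value = value.strip().strip("'\"")
            if sep and key.strip() in SECRET_VARS and "{{" not in value:
                hits.append((section, host, key.strip()))
    return hits

if __name__ == "__main__":
    for section, host, var in cleartext_secrets(SAMPLE_INVENTORY):
        print(f"[{section}] {host}: {var} is stored in cleartext")
```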

6. Using tags

    Use case: defined when only one particular step of a playbook needs to be run

Playbook:

            template: src=/root/temp/{{http_name}}.j2 dest=/etc/httpd/conf/httpd.conf
            tags:
            - conf

7. Using roles:

        mkdir -pv ansible_playbooks/roles/web/{templates,files,vars,tasks,meta,handlers}
        cp -a /etc/httpd/conf/httpd.conf files/
        vim tasks/main.yml
            - name: install httpd
              yum: name=httpd
            - name: install configuration file
              copy: src=httpd.conf dest=/etc/httpd/conf/httpd.conf
              tags:
              - conf
              notify:
              - restart httpd
            - name: start httpd
              service: name=httpd state=started

        vim handlers/main.yml
            - name: restart httpd
              service: name=httpd state=restarted

        [root@server1 ansible_playbooks]# ls
        roles  site.yml
        [root@server1 ansible_playbooks]# vim site.yml
            - hosts: web
              remote_user: root
              roles:
              - web
        [root@server1 ansible_playbooks]# ansible-playbook site.yml

