ansible安装和配置

一、安装ansible准备

//安装准备

1.两台机器

172.7.15.106    

172.7.15.111

2.设置hostname以及hosts

172.7.15.106 web9.lulu.com

172.7.15.111 web10.lulu.com
 
3. 安装ansible (只需要在106--server端安装)
[root@web9 ~]# yum install -y epel-release
[root@web9 ~]# yum install -y ansible

二、安装ansible

//106

[root@web9 ~]# ssh-keygen -t rsa      //生成密钥对
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): //直接回车,使用默认路径
Enter passphrase (empty for no passphrase): //此处输入私钥口令;直接回车则私钥不加密,拿到/root/.ssh/id_rsa的人即可以root身份登录所有被管机器,需严格保护该文件

[root@web9 ~]# scp .ssh/id_rsa.pub 172.7.15.111:/root/.ssh/authorized_keys      //注意:scp会覆盖对端已有的authorized_keys;对端/root/.ssh目录需已存在,权限应为700
[root@web9 ~]# cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
[root@web9 ~]# chmod 600 /root/.ssh/authorized_keys
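[root@web9 ~]# setenforce 0
[root@web9 ~]# iptables -F
//注意:以上两条命令把SELinux切换为permissive并清空全部防火墙规则,仅适合隔离的测试环境;生产环境应保持SELinux为enforcing,防火墙只需放行管理端到被管端的SSH端口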
[root@web9 ~]# ssh web10.lulu.com
-bash: ssh: command not found
[root@web9 ~]# yum install -y openssh-clients
//连接并配对密钥

[root@web9 ~]# ssh web10.lulu.com
The authenticity of host 'web10.lulu.com(172.7.15.111)' can't be established.
RSA key fingerprint is .....
Are you sure you want to continue connecting (yes/no)? yes
//输入yes之前,应先在web10本机上用 ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub 查看指纹,与此处显示的指纹一致后再确认

三、远程执行命令

//先更改配置文件

[root@web9 ~]# vi /etc/ansible/hosts
//ADD
[testhost]
127.0.0.1
172.7.15.111

/* testhost --主机组名字 ,自定义

    以下ip --组内的机器的ip
*/

[root@web9 ~]# ansible testhost -m command -a 'hostname'
127.0.0.1 | success | rc=0 >>
web9.lulu.com

web10.lulu.com | success | rc=0 >>
web10.lulu.com

/*  testhost  --主机组名字。自定义

      -m + 模块名 

       -a +命令 
*/

此处会遇到的错误 :

[root@web9 ~]# ansible 127.0.0.1 -m command -a 'hostname'
错误: "msg":"Aborting,target uses selinux but python bindings(libselinux-python) aren't installed!"

--> yum install -y libselinux-python
//shell模块

[root@web9 ~]# ansible 'web10.lulu.com' -m shell -a 'hostname'
web10.lulu.com | success | rc=0 >>
web10.lulu.com

[root@web9 ~]# ansible 'web10.lulu.com' -m shell -a 'cat /etc/passwd|grep root'
web10.lulu.com | success | rc=0 >>
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin

四、拷贝目录或者文件

//--拷贝文件

[root@web9 ~]# ansible web10.lulu.com -m copy -a "src=/etc/passwd dest=/tmp/1.txt"
web10.lulu.com | success >>{
        ...
        ...
        ...
}

/* 解释:
        -m  -- 模块选择 copy 

        src 源文件 

        dest 目标文件
*/

[root@web9 ~]# ansible web10.lulu.com -m copy -a "src=/etc/passwd dest=/tmp/1.txt owner=root group=root mode=0755"
web10.lulu.com | success >> {
    ...
    ...
    ...
}
//--拷贝目录

[root@web9 ~]# ansible web10.lulu.com -m copy -a "src=/etc/ansible dest=/tmp/ansible" 
web10.lulu.com | success >>{
    ...
    ...
    ...
}

//client端检查是否拷贝成功并且与server端相同
[root@web9 ~]# ls /etc/ansible



[root@web10 ~]# ls /tmp/ansible

五、远程执行shell脚本

[root@web9 ~]# vim /tmp/test.sh
//ADD
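#!/bin/bash
# Record the current date and time in /tmp/ansible_test.txt, overwriting any
# previous content.
# date is called directly: wrapping it in echo with an unquoted backtick
# substitution word-splits its output and collapses runs of spaces.
# The fixed path under world-writable /tmp is kept for the demo; a script run
# as root in production should write to a directory only root can modify.
date > /tmp/ansible_test.txt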

[root@web9 ~]# ansible testhost -m copy -a "src=/tmp/test.sh dest=/tmp/test.sh mode=0755"                //将脚本分发到各服务器上
[root@web9 ~]# ansible testhost -m shell -a "/bin/bash /tmp/test.sh"     
//批量执行shell脚本

//shell模块还支持远程执行命令加管道符
[root@web9 ~]# ansible testhost -m shell -a "cat /etc/passwd|wc -l"

六、配置cron

//添加cron任务

[root@web9 ~]# ansible testhost -m cron -a "name='test cron' job='/bin/touch /tmp/123.txt' weekday=6"

/*   name 任务名称

      job 执行的命令

        最后加时间

*/

//在client端查看任务是否已添加
[root@web9 ~]# crontab -l

//删除cron任务

[root@web9 ~]# ansible testhost -m cron -a "name='test cron' state=absent"

七、安装rpm包/管理服务

1.
[root@web9 ~]# ansible web10.lulu.com -m yum -a "name=httpd"
/* 解释:
    name = rpm包名
*/


//client端检查是否安装完成
[root@web10 ~]# yum list|grep httpd


2.
[root@web9 ~]# ansible testhost -m service -a "name=httpd state=started enabled=yes"

==
[root@web9 ~]# ansible testhost -m service -a "name=httpd state=stopped enabled=no"

[root@web9 ~]# ansible testhost -m service -a "name=httpd state=started enabled=no"

==
[root@web9 ~]# ansible testhost -m service -a "name=httpd state=stopped enabled=yes"
//ansible 文档的使用

[root@web9 ~]# ansible-doc -l      //列出所有的模块

[root@web9 ~]# ansible-doc cron         //查看指定模块的文档 

八、ansible--playbook

[root@web9 ~]# cd /etc/ansible
[root@web9 ansible]# ls
ansible.cfg  hosts  roles
[root@web9 ansible]# vi test.yml
//ADD
---
- hosts: testhost
  remote_user: root
  tasks:
    - name: test_playbook
      shell: touch /tmp/fran.txt

/* 
    hosts --指定哪些主机进行操作

    remote_user --指定使用什么用户登录远程主机操作(旧版本写作user;示例直接用root,生产环境通常用普通用户登录,再用become提权)

    tasks  -- 指定任务

*/

//生效
[root@web9 ansible]# ansible-playbook test.yml
//创建用户

[root@web9 ansible]# vi create_user.yml
//ADD
---
- name: create_user
  hosts: testhost
  user: root
  gather_facts: false
  vars:
    - user: "test"
  tasks:
    - name: create user
      user: name="{{ user }}"

/*     
   gather_facts    --指定了以下任务部分执行前,是否先执行setup模块获取主机相关信息

    变量值 -- 一定要 " " 引住

    user -- 调用了user模块

*/

playbook循环

[root@web9 ansible]# vi loop.yml
//ADD
---
- hosts: testhost
 user: root
 tasks:
  - name: change mod for file
   file: path=/tmp/{{ item }} mode=600 owner=root group=root
   with_items:
    - 1.txt
    - 2.txt
    - 3.txt
[root@web9 ansible]# ansible-playbook loop.yml
[root@web9 ansible]# touch /tmp/{1.txt,2.txt,3.txt}
//同时也在client端新创建文件
[root@web10 ~]# touch /tmp/{1.txt,2.txt,3.txt}

//回到server
[root@web9 ansible]# ls -l /tmp/
-rw------- 1 root root 0 12月 24 20:50 1.txt
-rw------- 1 root root 0 12月 24 20:50 2.txt
-rw------- 1 root root 0 12月 24 20:50 3.txt

//同时也在client端查看
[root@web10 ~]# ls -l /tmp/
-rw------- 1 root root 0 12月 24 20:50 1.txt
-rw------- 1 root root 0 12月 24 20:50 2.txt
-rw------- 1 root root 0 12月 24 20:50 3.txt

playbook判断

[root@web9 ansible]# vi when.yml
//ADD
---
- hosts: testhost
  remote_user: root
  gather_facts: True
  tasks:
    - name: use when
      shell: touch /tmp/when.txt
      when:  facter_ipaddress == "172.7.15.106"

[root@web9 ansible]# ansible web10.lulu.com -m setup
//检查输出中是否有facter_ipaddress(facter_开头的变量只有在目标机器装了facter时才会出现)
...
...
"facter_ipaddress": "172.7.15.111",
...
[root@web9 ansible]# ansible-playbook when.yml
[root@web9 ansible]# ls -lt /tmp/when.txt
-rw-r--r-- 1 root root 0 12月 24 20:58 /tmp/when.txt

playbook--handlers

/* 执行task任务之后,服务器发生变化之后-- 需执行一些操作

            比如 修改配置文件后,---需要重启服务              */

[root@web9 ansible]# vi handlers.yml
//ADD
---
- name: handlers test
   hosts: web10.lulu.com
   user: root
   tasks:
        - name: copy file
           copy: src=/etc/passwd    dest=/tmp/aaa.txt
           notify: test handlers
    handlers:
        - name: test handlers
           shell: echo "111" >> /tmp/aaa.txt

[root@web9 ansible]# ansible-playbook handlers.yml



//client端检查
[root@web10 ~]# cat /tmp/aaa.txt
...
//最后一行
111

九、ansible实例 -- 安装nginx

[root@web9 ansible]# cd /etc/ansible
[root@web9 ansible]# mkdir nginx_install    //创建一个装nginx各种需要文件的目录
[root@web9 ansible]# cd nginx_install
[root@web9 ansible]# mkdir -p roles/{common,install}/{handlers,files,meta,tasks,templates,vars}


/*  explain:
        roles -- common(准备) -- handlers(当发生改变时),files(安装时用到)
    
                    install(安装nginx) -- meta(说明信息,角色依赖等),tasks(核心配置)
                
                                             -- templates(存配置文件,启动脚本等模版)

                                             -- vars(定义的变量)
*/

/*    准备:

            在一台机器上事先编译安装好nginx,配置好启动脚本,配置好配置文件

            安装好---将nginx目录打包---放到/etc/ansible/nginx_install/roles/install/files ,名字取为nginx.tar.gz  --启动脚本、配置文件需要放到/etc/ansible/nginx_install/roles/install/templates

*/
步骤://将需要的文件拷贝到新创建的目录中,方便管理
[root@web9 ansible]# cp /usr/local/nginx.tar.gz files/

[root@web9 ansible]# cp /usr/local/nginx/conf/nginx.conf templates/
[root@web9 ansible]# cp /etc/init.d/nginx templates
[root@web9 ansible]# vim nginx_install/roles/install/vars/main.yml
//ADD
nginx_user: www
nginx_port: 80
nginx_basedir: /usr/local/nginx
[root@web9 ansible]# cd nginx_install/roles
[root@web9 roles]# vim ./common/tasks/main.yml
//ADD
- name: Install initializtion require software
   yum: name={{ item }} state=installed
   with_items:
        - zlib-devel
        - pcre-devel
        - openssl-devel

//把要用到的文档拷贝到目标机器(注意:压缩包先放到/tmp,再以root身份解压到/usr/local;/tmp是所有用户可写的目录,多用户机器上建议改放到仅root可写的目录再解压)
[root@web9 ansible]# vim nginx_install/roles/install/tasks/copy.yml
//ADD
- name: Copy Nginx Software
 copy: src=nginx.tar.gz dest=/tmp/nginx.tar.gz owner=root group=root

- name: Uncompression Nginx Software 
 shell: tar zxf /tmp/nginx.tar.gz -C /usr/local/

- name: Copy Nginx Start Script
 template: src=nginx dest=/etc/init.d/nginx owner=root group=root

- name: Copy Nginx Config
 template: src=nginx.conf dest={{ nginx_basedir }}/conf/ owner=root group=root mode=0644


//建立用户,启动服务,删除压缩包
[root@web9 ansible]# vim nginx_install/roles/install/tasks/install.yml
//ADD
- name: Create Nginx User
 user: name={{ nginx_user }} state=present createhome=no shell=/sbin/nologin

- name: Start Nginx Service 
 service: name=nginx state=restarted  #restarted每次执行都会重启服务,started只在服务未运行时才启动

- name: Add Boot Start Nginx Service 
 shell: chkconfig --level 345 nginx on

- name: Delete Nginx compression files
 shell: rm -rf /tmp/nginx.tar.gz

 //再创建main.yml并且把copy和install调用
[root@web9 ansible]# cd nginx_install/roles/install/tasks

[root@web9 tasks]# ls
copy.yml install.yml

[root@web9 tasks]# vi main.yml
//ADD
- include: copy.yml
- include: install.yml



//定义入口文件
[root@web9 tasks]# cd /etc/ansible/nginx_install/
[root@web9 nginx_install]# vi install.yml
//ADD
---
- hosts: testhost
 remote_user: root
 gather_facts: True
 roles:
  - common
  - install

[root@web9 nginx_install]# ansible-playbook install.yml


//client check
[root@web10 ~]# rpm -qa|egrep 'pcre|openssl|zlib'
...
...
...
[root@web10 ~]# ls /usr/local/nginx
.. . ... ... .. ... 
[root@web10 ~]# ps aux|grep nginx
.......
.....
.....
[root@web10 ~]# chkconfig --list nginx
nginx       0:关闭 1:关闭 2:关闭 3:启用 4:启用 5:启用 6:关闭
//管理配置文件

/*   生产环境中 -- 大多需要管理配置文件  

            安装环境包只是初始化环境需要使用 
*/

[root@web9 ~]# mkdir -p /etc/ansible/nginx_config/roles/{new,old}/{files,handlers,vars,tasks}

/*     new --更新        old --回滚    files --存着nginx.conf and vhosts
        
        handlers -- 重启nginx服务的命令

关于回滚 , 执行playbook前需要 备份一下 旧的配置,

        老配置管理要严格--不能随便修改线上机器的配置

                且保证new/files里的配置和线上的一致
*/

[root@web9 ~]# cd /usr/local/nginx/conf
[root@web9 conf]# cp -r nginx.conf vhosts /etc/ansible/nginx_config/roles/new/files/
[root@web9 conf]# vim /etc/ansible/nginx_config/roles/new/vars/main.yml         //定义变量
//ADD
nginx_basedir: /usr/local/nginx

[root@web9 conf]# vim /etc/ansible/nginx_config/roles/new/handlers/main.yml            //定义重加载nginx服务
//ADD
- name: restart nginx
   shell: /etc/init.d/nginx reload

[root@web9 conf]# vim /etc/ansible/nginx_config/roles/new/tasks/main.yml                    //核心任务
//ADD
- name: copy conf file
   copy: src={{ item.src }} dest={{ nginx_basedir }}/{{ item.dest }} backup=yes owner=root group=root mode=0644
   with_items:
        - { src: nginx.conf, dest: conf/nginx.conf }
        - { src: vhosts, dest: conf/ }
   notify: restart nginx
[root@web9 tasks]# vim /etc/ansible/nginx_config/update.yml  //定义总入口配置
//ADD
---
- hosts: testhost
   user: root
   roles:
        - new
[root@web9 tasks]# ansible-playbook /etc/ansible/nginx_config/update.yml
//测试
[root@web9 tasks]# vi roles/new/files/vhosts/1.conf
//ADD
#sjadhjsahkd
[root@web9 tasks]# vi roles/new/files/nginx.conf
//ADD
...
//在末尾增加
include vhosts/*.conf;
[root@web9 tasks]# ansible-playbook update.yml


//client check
[root@web10 ~]# cat /usr/local/nginx/conf/vhosts/1.conf
#sjadhjsahkd
[root@web10 ~]# ps aux|grep nginx
[root@web10 ~]# date         //对比上面ps输出中nginx进程的启动时间与当前时间,确认服务刚被重载



//同步数据
[root@web9 roles]# rsync -av new/ old/
sending incremental file list 
...
[root@web9 roles]# cd ..
[root@web9 nginx_config]# cp update.yml backup.yml
[root@web9 nginx_config]# vi backup.yml
//change to 
...
...
...
     roles:
         - old
  
[root@web9 nginx_config]# vi roles/new/files/vhosts/1.conf
//ADD
...
#jhdjkahkdjs
[root@web9 nginx_config]# ansible-playbook update.yml
//client check
[root@web10 ~]# cat /usr/local/nginx/conf/vhosts/1.conf
#sjadhjsahkd
#jhdjkahkdjs


//recover data
[root@web9 nginx_config]# ansible-playbook backup.yml
//client check
[root@web10 ~]# cat /usr/local/nginx/conf/vhosts/1.conf
#sjadhjsahkd




//下载整个样例库
[root@web9 ~]# yum install -y git
[root@web9 ~]# git clone git://github.com/dh528888/ansible-examples.git
//注意:git://协议既不加密也不验证服务器身份,GitHub也已停止支持;请把地址中的git://换成https://
原文地址:https://www.cnblogs.com/frankielf0921/p/5455167.html