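Ansible Guide: Installation and Basic Command Usage

Author: Yin Zhengjie (尹正杰)

Copyright notice: this is an original work. Reproduction is not permitted; violations will be pursued legally.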

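I. What is Ansible

  Ansible is a recent automation tool for operations, written in Python. It combines the strengths of several earlier tools (puppet, cfengine, chef, func, fabric) and provides batch system configuration, batch program deployment, and batch command execution.
  Ansible works through modules and has no batch-deployment capability of its own. The modules that Ansible runs do the actual batch deployment; Ansible only provides the framework. The main components are:
  1>. Connection plugins: handle communication with the managed hosts;
  2>. Host inventory: specifies the hosts to operate on; it is a configuration file that defines the managed hosts;
  3>. Modules: core modules, the command module, and custom modules;
  4>. Plugins that provide logging, e-mail, and similar functions;
  5>. Playbooks: used when several tasks are executed; optional, they let a node run multiple tasks in one pass.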
 
II. Preparing the environment
  This experiment needs 4 hosts: 1 web server, 2 database servers, and 1 server that issues the commands. Hostname resolution must also be configured. The mapping is as follows:

Hostname                 IP address          Services
node1.yinzhengjie.com    192.168.1.105/24    http
node2.yinzhengjie.com    192.168.1.110/24    nginx, mysql
node3.yinzhengjie.com    192.168.1.115/24    mysql
node4.yinzhengjie.com    192.168.1.200/24    ansible

[root@yinzhengjie ~]# ifconfig |grep addr | head -2|tail -1 |cut -d ":" -f 2 | awk '{print $1}'
192.168.1.200
[root@yinzhengjie ~]# more /etc/hosts | grep yinzhengjie
192.168.1.105   node1.yinzhengjie.com
192.168.1.110   node2.yinzhengjie.com
192.168.1.115   node3.yinzhengjie.com
192.168.1.200   node4.yinzhengjie.com
[root@yinzhengjie ~]#

III. Installing Ansible
1. Download the package (RPM package search site: https://pkgs.org/)
[root@yinzhengjie ~]# wget http://dl.fedoraproject.org/pub/epel/6/x86_64//ansible-2.3.2.0-1.el6.noarch.rpm
[root@yinzhengjie ~]# rpm -qpi ansible-2.3.2.0-1.el6.noarch.rpm
2. Install it with yum (which resolves dependencies automatically)
[root@yinzhengjie ~]# yum -y install ansible-2.3.2.0-1.el6.noarch.rpm
3. See which files the installation produced
[root@yinzhengjie ~]# rpm -qal ansible |wc -l
4874                        -------------> too many lines to list here
[root@yinzhengjie ~]#
4. Edit the configuration file
[root@yinzhengjie ~]# cd /etc/ansible/
[root@yinzhengjie ansible]# more hosts |tail -8
#Add by yinzhengjie
[webservers]
node1.yinzhengjie.com
node2.yinzhengjie.com

[dbservers]
node2.yinzhengjie.com
node3.yinzhengjie.com
[root@yinzhengjie ansible]#
 
5. Set up passwordless (key-based) SSH login
a>. Generate the key pair
[root@yinzhengjie ~]# cd
[root@yinzhengjie ~]# ssh-keygen -t rsa -P ''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
75:57:9e:80:28:6b:94:14:65:7a:7e:51:c8:51:af:49 root@yinzhengjie
The key's randomart image is:
+--[ RSA 2048]----+
|      .o+oo.=+  .|
|       +o. +. oo.|
|      ..o....E.o.|
|       oo. .o.o  |
|      . S. . o   |
|          .      |
|                 |
|                 |
|                 |
+-----------------+
[root@yinzhengjie ~]#
b>. Copy the public key to the other servers
[root@yinzhengjie ~]# ssh-copy-id -i .ssh/id_rsa.pub root@node1.yinzhengjie.com
The authenticity of host 'node1.yinzhengjie.com (192.168.1.105)' can't be established.
RSA key fingerprint is 16:21:2b:17:78:43:90:02:47:c1:be:e3:ba:41:78:44.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node1.yinzhengjie.com' (RSA) to the list of known hosts.
root@node1.yinzhengjie.com's password: 
Now try logging into the machine, with "ssh 'root@node1.yinzhengjie.com'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[root@yinzhengjie ~]#
[root@yinzhengjie ~]# ssh-copy-id -i .ssh/id_rsa.pub root@node2.yinzhengjie.com
The authenticity of host 'node2.yinzhengjie.com (192.168.1.110)' can't be established.
RSA key fingerprint is 83:98:0a:6e:11:e9:26:14:e5:c8:3f:b3:1d:26:65:8e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node2.yinzhengjie.com,192.168.1.110' (RSA) to the list of known hosts.
root@node2.yinzhengjie.com's password: 
Now try logging into the machine, with "ssh 'root@node2.yinzhengjie.com'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[root@yinzhengjie ~]#
[root@yinzhengjie ~]# ssh-copy-id -i .ssh/id_rsa.pub root@node3.yinzhengjie.com
The authenticity of host 'node3.yinzhengjie.com (192.168.1.115)' can't be established.
RSA key fingerprint is 62:a4:bf:f7:b7:42:e7:e6:ce:36:bb:8f:e7:d8:e5:04.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node3.yinzhengjie.com,192.168.1.115' (RSA) to the list of known hosts.
root@node3.yinzhengjie.com's password: 
Now try logging into the machine, with "ssh 'root@node3.yinzhengjie.com'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[root@yinzhengjie ~]#
 
c>. Verify that the setup works
[root@yinzhengjie ~]# ssh node1.yinzhengjie.com
Last login: Fri Oct 13 05:39:39 2017 from 192.168.1.161
[root@yinzhengjie ~]# ifconfig |grep addr | head -2|tail -1 |cut -d ":" -f 2 | awk '{print $1}'
192.168.1.105
[root@yinzhengjie ~]# logout
Connection to node1.yinzhengjie.com closed.
[root@yinzhengjie ~]#
[root@yinzhengjie ~]#
[root@yinzhengjie ~]# ifconfig |grep addr | head -2|tail -1 |cut -d ":" -f 2 | awk '{print $1}'
192.168.1.200
[root@yinzhengjie ~]#
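
The ssh-copy-id output above asks you to check .ssh/authorized_keys for keys you were not expecting. As an added example (not part of the original post), this Python script identifies each entry by the colon-separated MD5 fingerprint format shown in the sessions above and reports any key outside an allow-list. The key blobs, the second entry and the allow-list are constructed placeholders, not real keys.

```python
import base64
import hashlib

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")

def md5_fingerprint(blob_b64):
    """MD5 of the decoded key blob as colon-separated hex pairs,
    the fingerprint format ssh-keygen prints in the sessions above."""
    digest = hashlib.md5(base64.b64decode(blob_b64)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def parse_authorized_keys(text):
    """Yield (options, key_type, fingerprint, comment) for each key line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # Options (from=..., command=...) may precede the key type.
        for i, field in enumerate(fields[:-1]):
            if field.startswith(KEY_TYPES):
                yield (" ".join(fields[:i]), field,
                       md5_fingerprint(fields[i + 1]),
                       " ".join(fields[i + 2:]))
                break

def unexpected_keys(text, allowed_fingerprints):
    """Return (fingerprint, comment) for every key not in the allow-list."""
    return [(fp, comment)
            for _, _, fp, comment in parse_authorized_keys(text)
            if fp not in allowed_fingerprints]

# Constructed sample data: these blobs are NOT real public keys.
KEY_A = base64.b64encode(b"constructed blob A, not a real key").decode()
KEY_B = base64.b64encode(b"constructed blob B, not a real key").decode()
SAMPLE_AUTHORIZED_KEYS = f"""# constructed authorized_keys sample
ssh-rsa {KEY_A} root@yinzhengjie
from="192.168.1.200" ssh-rsa {KEY_B} unknown@constructed-host
"""

if __name__ == "__main__":
    allowed = {md5_fingerprint(KEY_A)}  # the control node's key only
    for fp, comment in unexpected_keys(SAMPLE_AUTHORIZED_KEYS, allowed):
        print("unexpected key:", fp, comment)
```

On newer OpenSSH releases, `ssh-keygen -E md5 -lf <file>` prints fingerprints in this same format for comparison.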

IV. Basic Ansible usage
1. Check whether all defined hosts are online
[root@yinzhengjie ~]# ansible all -m ping
node3.yinzhengjie.com | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
node2.yinzhengjie.com | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
node1.yinzhengjie.com | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
[root@yinzhengjie ~]#
2. Check the time on all defined hosts
[root@yinzhengjie ~]# ansible all -m command -a 'date'
node3.yinzhengjie.com | SUCCESS | rc=0 >>
Fri Oct 13 14:04:19 PDT 2017
node2.yinzhengjie.com | SUCCESS | rc=0 >>
Fri Oct 13 06:04:19 PDT 2017
node1.yinzhengjie.com | SUCCESS | rc=0 >>
Fri Oct 13 06:04:19 PDT 2017
[root@yinzhengjie ~]#
[root@yinzhengjie ~]#
[root@yinzhengjie ~]# ansible all -a 'date'
node3.yinzhengjie.com | SUCCESS | rc=0 >>
Fri Oct 13 14:04:36 PDT 2017
node1.yinzhengjie.com | SUCCESS | rc=0 >>
Fri Oct 13 06:04:37 PDT 2017
node2.yinzhengjie.com | SUCCESS | rc=0 >>
Fri Oct 13 06:04:36 PDT 2017
[root@yinzhengjie ~]#
3. Check whether the http service is running on all defined hosts
[root@yinzhengjie ~]# ansible all -m command -a 'service httpd status'
 [WARNING]: Consider using service module rather than running service
node1.yinzhengjie.com | SUCCESS | rc=0 >>
httpd (pid  4448) is running...
node3.yinzhengjie.com | FAILED | rc=3 >>
httpd is stopped
node2.yinzhengjie.com | FAILED | rc=3 >>
httpd is stopped
[root@yinzhengjie ~]#
4. Copy a local file to a defined server group
[root@yinzhengjie ~]# ansible dbservers -m copy -a "src=/root/ansible-2.3.2.0-1.el6.noarch.rpm dest=/tmp/"
node3.yinzhengjie.com | SUCCESS => {
    "changed": true,
    "checksum": "fb5559c1d886fdc5f4f553a44372cc0230189362",
    "dest": "/tmp/ansible-2.3.2.0-1.el6.noarch.rpm",
    "gid": 0,
    "group": "root",
    "md5sum": "8388f98019479244b5098e5e23941da7",
    "mode": "0644",
    "owner": "root",
    "secontext": "unconfined_u:object_r:admin_home_t:s0",
    "size": 6173016,
    "src": "/root/.ansible/tmp/ansible-tmp-1507900705.1-53916243211948/source",
    "state": "file",
    "uid": 0
}
node2.yinzhengjie.com | SUCCESS => {
    "changed": true,
    "checksum": "fb5559c1d886fdc5f4f553a44372cc0230189362",
    "dest": "/tmp/ansible-2.3.2.0-1.el6.noarch.rpm",
    "gid": 0,
    "group": "root",
    "md5sum": "8388f98019479244b5098e5e23941da7",
    "mode": "0644",
    "owner": "root",
    "secontext": "unconfined_u:object_r:admin_home_t:s0",
    "size": 6173016,
    "src": "/root/.ansible/tmp/ansible-tmp-1507900705.18-246525313248421/source",
    "state": "file",
    "uid": 0
}
[root@yinzhengjie ~]#
[root@yinzhengjie ~]#
[root@yinzhengjie ~]# ansible dbservers -a "ls /tmp"
node3.yinzhengjie.com | SUCCESS | rc=0 >>
ansible-2.3.2.0-1.el6.noarch.rpm
ansible_46ihbB
keyring-Dp3ZRf
ks-script-VsmDKH
ks-script-VsmDKH.log
orbit-gdm
orbit-root
pulse-qotd3GsczqPx
pulse-sxkC9wDU7bP6
vgauthsvclog.txt.0
virtual-root.mMq8ds
vmware-config0
VMwareDnD
vmware-root
yum.log
node2.yinzhengjie.com | SUCCESS | rc=0 >>
ansible-2.3.2.0-1.el6.noarch.rpm
ansible_KZ8J1M
keyring-pUri5c
orbit-gdm
orbit-root
pulse-UgBUKbuMXzGR
[root@yinzhengjie ~]#
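
Added example (not part of the original post) for steps 3 and 4 above: a Python parser for the two ad-hoc output formats shown on this page, used to list hosts that did not report SUCCESS and hosts whose copy result does not carry the expected SHA-1 checksum. The service sample is abbreviated from the run above; the copy sample is constructed, with node2's checksum deliberately altered.

```python
import json
import re

# "host | STATUS | rc=N >>" (command output) or "host | STATUS => {" (module JSON)
HEADER = re.compile(r"^(?P<host>\S+) \| (?P<status>[A-Z!]+)"
                    r"(?: \| rc=(?P<rc>-?\d+) >>\s*| => (?P<json>\{.*))$")

def parse_adhoc(output):
    """Split ad-hoc output into per-host records with a parsed body."""
    records = []
    for line in output.splitlines():
        m = HEADER.match(line)
        if m:
            records.append({"host": m["host"], "status": m["status"],
                            "rc": int(m["rc"]) if m["rc"] else None,
                            "lines": [m["json"] or ""]})
        elif records:  # lines before the first header (warnings) are dropped
            records[-1]["lines"].append(line)
    for rec in records:
        text = "\n".join(rec.pop("lines"))
        # No rc means module JSON; raw_decode ignores text after the last brace.
        rec["body"] = (json.JSONDecoder().raw_decode(text)[0]
                       if rec["rc"] is None else text.strip())
    return records

def failed_hosts(records):
    """Hosts whose task did not report SUCCESS (e.g. rc=3 from 'service')."""
    return sorted(r["host"] for r in records if r["status"] != "SUCCESS")

def checksum_mismatches(records, expected_sha1):
    """Hosts whose copy result lacks the expected SHA-1 'checksum' value."""
    return sorted(r["host"] for r in records if not isinstance(r["body"], dict)
                  or r["body"].get("checksum") != expected_sha1)

# Abbreviated from the 'service httpd status' run above.
SERVICE_OUTPUT = """ [WARNING]: Consider using service module rather than running service
node1.yinzhengjie.com | SUCCESS | rc=0 >>
httpd (pid  4448) is running...
node3.yinzhengjie.com | FAILED | rc=3 >>
httpd is stopped
"""
# Constructed sample in the copy module's format; node2's checksum is altered.
COPY_OUTPUT = """node3.yinzhengjie.com | SUCCESS => {
    "checksum": "fb5559c1d886fdc5f4f553a44372cc0230189362"
}
node2.yinzhengjie.com | SUCCESS => {
    "checksum": "0000000000000000000000000000000000000000"
}
"""
```

The expected value is the output of `sha1sum` on the source file on the control node.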
5. The module for defining periodic scheduled tasks (cron)
[root@yinzhengjie ~]# ansible all -m cron -a 'name="yinzhengjie is good boy" minute=*/3 hour=* day=* month=* weekday=* job="/usr/sbin/ntpdate 1.cn.pool.ntp.org"'
node3.yinzhengjie.com | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "yinzhengjie is good boy"
    ]
}
node2.yinzhengjie.com | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "yinzhengjie is good boy"
    ]
}
node1.yinzhengjie.com | SUCCESS => {
    "changed": true,
    "envs": [],
    "jobs": [
        "yinzhengjie is good boy"
    ]
}
[root@yinzhengjie ~]#
[root@yinzhengjie ~]# ansible all -a "crontab -l"
node2.yinzhengjie.com | SUCCESS | rc=0 >>
#Ansible: yinzhengjie is good boy
*/3 * * * * /usr/sbin/ntpdate 1.cn.pool.ntp.org
node3.yinzhengjie.com | SUCCESS | rc=0 >>
#Ansible: yinzhengjie is good boy
*/3 * * * * /usr/sbin/ntpdate 1.cn.pool.ntp.org
node1.yinzhengjie.com | SUCCESS | rc=0 >>
#Ansible: yinzhengjie is good boy
*/3 * * * * /usr/sbin/ntpdate 1.cn.pool.ntp.org
[root@yinzhengjie ~]#
 
6. Create a group on all defined hosts
[root@yinzhengjie ~]# ansible all -m group -a "gid=306 system=yes name=yinzhengjie520"
node1.yinzhengjie.com | SUCCESS => {
    "changed": true,
    "gid": 306,
    "name": "yinzhengjie520",
    "state": "present",
    "system": true
}
node2.yinzhengjie.com | SUCCESS => {
    "changed": true,
    "gid": 306,
    "name": "yinzhengjie520",
    "state": "present",
    "system": true
}
node3.yinzhengjie.com | SUCCESS => {
    "changed": true,
    "gid": 306,
    "name": "yinzhengjie520",
    "state": "present",
    "system": true
}
[root@yinzhengjie ~]#
[root@yinzhengjie ~]# ansible all -a "tail -1 /etc/group"
node3.yinzhengjie.com | SUCCESS | rc=0 >>
yinzhengjie520:x:306:
node1.yinzhengjie.com | SUCCESS | rc=0 >>
yinzhengjie520:x:306:
node2.yinzhengjie.com | SUCCESS | rc=0 >>
yinzhengjie520:x:306:
[root@yinzhengjie ~]#
 
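V. Ansible modules
  Commands such as ping and date are in fact Ansible modules, so it is well worth getting familiar with the commonly used ones (Ansible supports over a thousand modules). The commands below show how to look up the usage of the modules it supports.
1. Count the modules Ansible supports
[root@yinzhengjie ~]# ansible-doc -l | wc -l
1039
[root@yinzhengjie ~]#
2. View Ansible's help for a particular module
[root@yinzhengjie ~]# ansible-doc -s copy
3. Pointers
  To learn Ansible well, you need to be fluent in YAML, playbooks, corosync clusters, and the use of crmsh and pcs. I don't need these in my production environment. I use Ansible simply because 50 servers in production need the zabbix_agent service installed. A friend told me this software works well, so I looked into it. My approach is to manage all the hosts with ansible commands; of course, I distribute the shell installation script to each server and let Ansible run the task for me.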
 
 
 
Original article: https://www.cnblogs.com/yinzhengjie/p/7702726.html