ansible学习

声明：本博客内容是根据惨绿少年内容实践随笔，地址：http://www.cnblogs.com/clsn/p/7743792.html#comment_form

1、ansible介绍

Ansible 是一个简单的自动化运维管理工具，基于Python开发，集合了众多运维工具（puppet、cfengine、chef、func、fabric）的优点，实现了批量系统配置、批量程序部署、批量运行命令等功能。可以用来自动化部署应用、配置、编排 task(持续 交付、无宕机更新等)，采用 paramiko 协议库（fabric 也使用这个），通过 SSH 或者 ZeroMQ 等连 接主机。

Ansible是基于模块工作的，本身没有批量部署的能力。真正具有批量部署的是ansible所运行的模块，ansible只是提供一种框架。Ansible的强大在于丰富的模块，目前已经存在的模块有750+，所有的功能是由ansible核心来调度，基于模块来完成和工作的。

2、ansible安装

2.1安装epel源

yum -y install epel-release

2.2安装 ansible

yum -y install ansible

2.3测试是否安装成功

执行命令：ansible --version

[root@localhost opt]# ansible --version
ansible 2.4.2.0
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/site-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.5 (default, Nov 20 2015, 02:00:19) [GCC 4.8.5 20150623 (Red Hat 4.8.5-4)]
[root@localhost opt]#

3、ansible配置

3.1ansible总配置文件

配置文件路径为：/etc/ansible/ansible.cfg

部分配置文件说明：

[defaults]
#inventory = /etc/ansible/hosts    #定义inventory
#forks = 5                        #默认开启的并发数
#sudo_user = root                #默认sudo用户
#ask_sudo_pass = True            #是否需要sudo密码
#ask_pass = True                #是否需要密码
#host_key_checking = False       #首次连接是否需要检查key认证

3.2主机配置文件

配置文件路径：/etc/ansible/hosts

[testhost]
192.168.126.129
192.168.126.130

4、配置ansible免密登录

ansible管理其他的服务器实现自动化等操作，需要进行免密认证

在A机器上：

ssh-keygen生成密钥对文件

[root@localhost ~]# ssh-keygen （默认是-t rsa）

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):  // 这里直接按回车即可

Enter passphrase (empty for no passphrase):  //这里需要设置密钥的密码，如果直接回车则表示密码为空

Enter same passphrase again: // 再次输入密码；  这里也可以输入 ssh-keygen -t rsa -P '' ，这样可以免去输入三次回车，-P ''表示密码为空

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

复制代码

这样就生成了一对密钥在/root/.ssh/ 目录下，公钥是id_rsa.pub, 私钥是id_rsa.  然后

cat  .ssh/id_rsa.pub

打开公钥文件，把公钥文件复制到B机器的/root/.ssh/authorized_keys文件下

mkdir /root/.ssh

chmod 700 /root/.ssh

vi /root/.ssh/authorized_keys

然后就可以实现A机器密钥登录B机器了

5、ansible常用模块

5.1ping模块测试连通性

[root@localhost opt]# ansible all -m ping

192.168.126.129 | SUCCESS => {

"changed": false,

"ping": "pong"

}

192.168.126.130 | SUCCESS => {

"changed": false,

"ping": "pong"

}

5.2command 模块

chdir参数的使用：

[root@localhost opt]# ansible all -m command -a "chdir=/mnt/test ls"
192.168.126.129 | SUCCESS | rc=0 >>
111
keepalived-1.3.5.tar.gz
rpms
rpms.zip
tomcat-dev-8.0.32-v1.x86_64.rpm

192.168.126.130 | SUCCESS | rc=0 >>
111
keepalived-1.3.5.tar.gz
rpms
rpms.zip
tomcat-dev-8.0.32-v1.x86_64.rpm

creates 文件是否存在，不存在就执行命令

[root@localhost opt]# ansible all -m command -a "creates=/mnt/test1 date"
192.168.126.129 | SUCCESS | rc=0 >>
2018年 02月 05日 星期一 23:40:50 CST

192.168.126.130 | SUCCESS | rc=0 >>
2018年 02月 05日 星期一 15:47:35 CST

removes 文件是否存在，不存在就不执行命令

[root@localhost opt]# ansible all -m command -a "removes=/mnt/test1 date"
192.168.126.129 | SUCCESS | rc=0 >>
skipped, since /mnt/test1 does not exist

192.168.126.130 | SUCCESS | rc=0 >>
skipped, since /mnt/test1 does not exist

5.3 shell模块，万能模块

执行linux命令时可以用

远程节点执行命令

说明： shell 模块在远程执行脚本时，远程主机上一定要有相应的脚本

[root@localhost opt]# ansible all -m shell -a "/bin/sh /opt/test.sh"
192.168.126.130 | SUCCESS | rc=0 >>
hello world

192.168.126.129 | SUCCESS | rc=0 >>
hello world

5.4script模块，执行脚本模块

在本地执行脚本时，将脚本中的内容传输到远程节点上运行

[root@localhost opt]# ansible all -m script -a "/opt/test.sh"
192.168.126.129 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.126.129 closed.\r\n",
"stdout": "hello world\r\n",
"stdout_lines": [
"hello world"
]
}
192.168.126.130 | SUCCESS => {
"changed": true,
"rc": 0,
"stderr": "Shared connection to 192.168.126.130 closed.\r\n",
"stdout": "hello world\r\n",
"stdout_lines": [
"hello world"
]
}

5.5copy模块，把本地文件复制到远程

[root@localhost opt]# ansible all -m copy -a 'src=/opt/test.conf dest=/opt/ owner=root group=root backup=yes'
192.168.126.129 | SUCCESS => {
"changed": false,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"path": "/opt/test.conf",
"secontext": "system_u:object_r:usr_t:s0",
"size": 0,
"state": "file",
"uid": 0
}
192.168.126.130 | SUCCESS => {
"changed": false,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"path": "/opt/test.conf",
"secontext": "system_u:object_r:usr_t:s0",
"size": 0,
"state": "file",
"uid": 0
}

5.6 file模块，设置文件属性

file文件参数说明：

5.6.1 创建目录

[root@localhost opt]# ansible all -m file -a "dest=/opt/heruiguo state=directory"
192.168.126.129 | SUCCESS => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/opt/heruiguo",
"secontext": "unconfined_u:object_r:usr_t:s0",
"size": 6,
"state": "directory",
"uid": 0
}
192.168.126.130 | SUCCESS => {
"changed": true,
"gid": 0,
"group": "root",
"mode": "0755",
"owner": "root",
"path": "/opt/heruiguo",
"secontext": "unconfined_u:object_r:usr_t:s0",
"size": 4096,
"state": "directory",
"uid": 0
}

5.6.2创建文件

[root@localhost opt]# ansible all -m file -a "dest=/opt/heruiguo.conf state=touch"
192.168.126.129 | SUCCESS => {
"changed": true,
"dest": "/opt/heruiguo.conf",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:usr_t:s0",
"size": 0,
"state": "file",
"uid": 0
}
192.168.126.130 | SUCCESS => {
"changed": true,
"dest": "/opt/heruiguo.conf",
"gid": 0,
"group": "root",
"mode": "0644",
"owner": "root",
"secontext": "unconfined_u:object_r:usr_t:s0",
"size": 0,
"state": "file",
"uid": 0
}

5.6.3创建软连接

[root@localhost opt]# ansible all -m file -a "src=/opt/heruiguo.conf dest=/home/111 state=link"
192.168.126.129 | SUCCESS => {
"changed": true,
"dest": "/home/111",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"secontext": "unconfined_u:object_r:home_root_t:s0",
"size": 18,
"src": "/opt/heruiguo.conf",
"state": "link",
"uid": 0
}
192.168.126.130 | SUCCESS => {
"changed": true,
"dest": "/home/111",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"secontext": "unconfined_u:object_r:home_root_t:s0",
"size": 18,
"src": "/opt/heruiguo.conf",
"state": "link",
"uid": 0
}

[root@localhost opt]# cd /home/
[root@localhost home]#
[root@localhost home]# ll
总用量 4
lrwxrwxrwx. 1 root root 18 2月 5 17:01 111 -> /opt/heruiguo.conf
drwx------. 5 pmoopr pmoopr 4096 2月 5 13:20 pmoopr

5.6.4 删除目录

[root@localhost opt]# ansible all -m file -a "dest=/opt/heruiguo.conf state=absent"
192.168.126.130 | SUCCESS => {
"changed": true,
"path": "/opt/heruiguo.conf",
"state": "absent"
}
192.168.126.129 | SUCCESS => {
"changed": true,
"path": "/opt/heruiguo.conf",
"state": "absent"
}

5.7 fetch模块，拉取文件

参数说明：

从远程拉取文件放到本地

[root@localhost opt]# ansible all -m fetch -a "dest=/opt/ src=/opt/test.conf"
192.168.126.129 | SUCCESS => {
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/opt/192.168.126.129/opt/test.conf",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"remote_checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"remote_md5sum": null
}
192.168.126.130 | SUCCESS => {
"changed": true,
"checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"dest": "/opt/192.168.126.130/opt/test.conf",
"md5sum": "d41d8cd98f00b204e9800998ecf8427e",
"remote_checksum": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"remote_md5sum": null
}

flat 参数，拉去的时候不创建目录（同名文件会覆盖）

5.8 mount模块，挂载点模块

参数说明：

挂载：

ansible 192.168.126.129 -m mount -a "fstype=xfs opts=rw path=/mnt/  src=192.168.126.129:/data/  state=mounted"

卸载：

ansible 192.168.126.129 -m mount -a "fstype=xfs opts=rw path=/mnt/  src=192.168.126.129:/data/  state=unmounted"

5.8 cron模块，定时任务模块

参数说明：

添加定时任务

ansible test -m cron -a "minute=0 hour=0 job='/bin/sh  /server/scripts/hostname.sh &>/dev/null' name=oldboy01"

删除定时任务

ansible oldboy -m cron -a "minute=00 hour=00 job='/bin/sh  /server/scripts/hostname.sh &>/dev/null' name=oldboy01 state=absent"